From 5b0808bfcf9624fc205cd112f2ece1becff0096c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:25:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0154.json | 180 ++++++------- 2006/0xxx/CVE-2006-0419.json | 130 +++++----- 2006/0xxx/CVE-2006-0597.json | 170 ++++++------- 2006/0xxx/CVE-2006-0746.json | 240 +++++++++--------- 2006/0xxx/CVE-2006-0901.json | 180 ++++++------- 2006/1xxx/CVE-2006-1245.json | 300 +++++++++++----------- 2006/4xxx/CVE-2006-4180.json | 34 +-- 2006/4xxx/CVE-2006-4736.json | 170 ++++++------- 2006/5xxx/CVE-2006-5841.json | 170 ++++++------- 2006/5xxx/CVE-2006-5867.json | 480 +++++++++++++++++------------------ 2006/5xxx/CVE-2006-5997.json | 34 +-- 2010/0xxx/CVE-2010-0021.json | 140 +++++----- 2010/2xxx/CVE-2010-2090.json | 180 ++++++------- 2010/2xxx/CVE-2010-2731.json | 130 +++++----- 2010/2xxx/CVE-2010-2913.json | 150 +++++------ 2010/2xxx/CVE-2010-2957.json | 150 +++++------ 2010/3xxx/CVE-2010-3075.json | 230 ++++++++--------- 2010/3xxx/CVE-2010-3109.json | 140 +++++----- 2010/3xxx/CVE-2010-3240.json | 140 +++++----- 2010/3xxx/CVE-2010-3320.json | 140 +++++----- 2010/4xxx/CVE-2010-4192.json | 170 ++++++------- 2010/4xxx/CVE-2010-4562.json | 130 +++++----- 2010/4xxx/CVE-2010-4701.json | 170 ++++++------- 2010/4xxx/CVE-2010-4785.json | 130 +++++----- 2010/4xxx/CVE-2010-4931.json | 140 +++++----- 2014/3xxx/CVE-2014-3115.json | 150 +++++------ 2014/3xxx/CVE-2014-3957.json | 34 +-- 2014/4xxx/CVE-2014-4945.json | 170 ++++++------- 2014/8xxx/CVE-2014-8234.json | 34 +-- 2014/8xxx/CVE-2014-8354.json | 150 +++++------ 2014/8xxx/CVE-2014-8360.json | 160 ++++++------ 2014/8xxx/CVE-2014-8915.json | 34 +-- 2014/9xxx/CVE-2014-9245.json | 130 +++++----- 2014/9xxx/CVE-2014-9347.json | 140 +++++----- 2014/9xxx/CVE-2014-9995.json | 132 +++++----- 2014/9xxx/CVE-2014-9996.json | 132 +++++----- 2016/2xxx/CVE-2016-2250.json | 34 +-- 2016/2xxx/CVE-2016-2852.json | 34 +-- 2016/2xxx/CVE-2016-2893.json | 34 +-- 2016/6xxx/CVE-2016-6270.json | 140 +++++----- 2016/6xxx/CVE-2016-6644.json | 140 +++++----- 2016/6xxx/CVE-2016-6803.json | 148 +++++------ 2016/6xxx/CVE-2016-6882.json | 160 ++++++------ 2016/7xxx/CVE-2016-7204.json | 140 +++++----- 2016/7xxx/CVE-2016-7755.json | 34 +-- 2016/7xxx/CVE-2016-7924.json | 170 ++++++------- 46 files changed, 3264 insertions(+), 3264 deletions(-) diff --git a/2006/0xxx/CVE-2006-0154.json b/2006/0xxx/CVE-2006-0154.json index c2172f674aa..61e60be7431 100644 --- a/2006/0xxx/CVE-2006-0154.json +++ b/2006/0xxx/CVE-2006-0154.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421326/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/18/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/18/summary.html" - }, - { - "name" : "16169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16169" - }, - { - "name" : "ADV-2006-0091", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0091" - }, - { - "name" : "22275", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22275" - }, - { - "name" : "18354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18354" - }, - { - "name" : "427bb-showthread-sql-injection(24039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421326/100/0/threaded" + }, + { + "name": "18354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18354" + }, + { + "name": "ADV-2006-0091", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0091" + }, + { + "name": "22275", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22275" + }, + { + "name": "http://evuln.com/vulns/18/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/18/summary.html" + }, + { + "name": "16169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16169" + }, + { + "name": "427bb-showthread-sql-injection(24039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24039" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0419.json b/2006/0xxx/CVE-2006-0419.json index fe857a25312..9bf867b9385 100644 --- a/2006/0xxx/CVE-2006-0419.json +++ b/2006/0xxx/CVE-2006-0419.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-81.01", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/163" - }, - { - "name" : "1015528", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015528", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015528" + }, + { + "name": "BEA06-81.01", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/163" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0597.json b/2006/0xxx/CVE-2006-0597.json index 9913ab780e7..1e17f413bf6 100644 --- a/2006/0xxx/CVE-2006-0597.json +++ b/2006/0xxx/CVE-2006-0597.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long \"revision attributes\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/0001-r1333-Fixed-crashes-with-very-long-revisions-attributes.txt?bug=349528;msg=15;att=1", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/0001-r1333-Fixed-crashes-with-very-long-revisions-attributes.txt?bug=349528;msg=15;att=1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528" - }, - { - "name" : "DSA-967", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-967" - }, - { - "name" : "16579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16579" - }, - { - "name" : "18783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18783" - }, - { - "name" : "elog-elogd-bo(24704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long \"revision attributes\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/0001-r1333-Fixed-crashes-with-very-long-revisions-attributes.txt?bug=349528;msg=15;att=1", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/0001-r1333-Fixed-crashes-with-very-long-revisions-attributes.txt?bug=349528;msg=15;att=1" + }, + { + "name": "elog-elogd-bo(24704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24704" + }, + { + "name": "16579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16579" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528" + }, + { + "name": "18783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18783" + }, + { + "name": "DSA-967", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-967" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0746.json b/2006/0xxx/CVE-2006-0746.json index 0cf0a96e833..3ecdcb1c46a 100644 --- a/2006/0xxx/CVE-2006-0746.json +++ b/2006/0xxx/CVE-2006-0746.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060310 [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427299/100/0/threaded" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20060202-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20060202-1.txt" - }, - { - "name" : "DSA-1008", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1008" - }, - { - "name" : "MDKSA-2006:054", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:054" - }, - { - "name" : "RHSA-2006:0262", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0262.html" - }, - { - "name" : "17039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17039" - }, - { - "name" : "oval:org.mitre.oval:def:11441", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11441" - }, - { - "name" : "1015751", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015751" - }, - { - "name" : "19189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19189" - }, - { - "name" : "19190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19190" - }, - { - "name" : "19264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19264" - }, - { - "name" : "566", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/566" - }, - { - "name" : "kde-kpdf-patch-bo(25146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0262", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0262.html" + }, + { + "name": "DSA-1008", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1008" + }, + { + "name": "MDKSA-2006:054", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:054" + }, + { + "name": "20060310 [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427299/100/0/threaded" + }, + { + "name": "19190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19190" + }, + { + "name": "19264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19264" + }, + { + "name": "19189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19189" + }, + { + "name": "17039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17039" + }, + { + "name": "kde-kpdf-patch-bo(25146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25146" + }, + { + "name": "oval:org.mitre.oval:def:11441", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11441" + }, + { + "name": "http://www.kde.org/info/security/advisory-20060202-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20060202-1.txt" + }, + { + "name": "566", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/566" + }, + { + "name": "1015751", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015751" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0901.json b/2006/0xxx/CVE-2006-0901.json index 5f9ff1b4c12..c1f5be31607 100644 --- a/2006/0xxx/CVE-2006-0901.json +++ b/2006/0xxx/CVE-2006-0901.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102161", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102161-1" - }, - { - "name" : "16826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16826" - }, - { - "name" : "ADV-2006-0756", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0756" - }, - { - "name" : "oval:org.mitre.oval:def:1628", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1628" - }, - { - "name" : "1015680", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015680" - }, - { - "name" : "19042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19042" - }, - { - "name" : "solaris-hsfs-privilege-elevation(24911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102161", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102161-1" + }, + { + "name": "oval:org.mitre.oval:def:1628", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1628" + }, + { + "name": "1015680", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015680" + }, + { + "name": "solaris-hsfs-privilege-elevation(24911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24911" + }, + { + "name": "16826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16826" + }, + { + "name": "ADV-2006-0756", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0756" + }, + { + "name": "19042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19042" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1245.json b/2006/1xxx/CVE-2006-1245.json index a6b4f0510da..412aaefa095 100644 --- a/2006/1xxx/CVE-2006-1245.json +++ b/2006/1xxx/CVE-2006-1245.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" - }, - { - "name" : "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428810/100/0/threaded" - }, - { - "name" : "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453436/100/0/threaded" - }, - { - "name" : "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453554/100/0/threaded" - }, - { - "name" : "MS06-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" - }, - { - "name" : "TA06-101A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" - }, - { - "name" : "VU#984473", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/984473" - }, - { - "name" : "17131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17131" - }, - { - "name" : "ADV-2006-1318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1318" - }, - { - "name" : "23964", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23964" - }, - { - "name" : "oval:org.mitre.oval:def:1451", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" - }, - { - "name" : "oval:org.mitre.oval:def:1569", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" - }, - { - "name" : "oval:org.mitre.oval:def:1599", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" - }, - { - "name" : "oval:org.mitre.oval:def:1632", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" - }, - { - "name" : "oval:org.mitre.oval:def:1766", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" - }, - { - "name" : "1015794", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015794" - }, - { - "name" : "19269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19269" - }, - { - "name" : "18957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18957" - }, - { - "name" : "ie-mshtml-bo(25292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the \"Multiple Event Handler Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015794", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015794" + }, + { + "name": "20061205 Re: MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453554/100/0/threaded" + }, + { + "name": "18957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18957" + }, + { + "name": "oval:org.mitre.oval:def:1569", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569" + }, + { + "name": "19269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19269" + }, + { + "name": "oval:org.mitre.oval:def:1451", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451" + }, + { + "name": "20060325 Re: [optimized PoC] Remote overflow in MSIE script action handlers (mshtml.dll)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428810/100/0/threaded" + }, + { + "name": "TA06-101A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" + }, + { + "name": "oval:org.mitre.oval:def:1632", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632" + }, + { + "name": "ie-mshtml-bo(25292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25292" + }, + { + "name": "17131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17131" + }, + { + "name": "20060316 Remote overflow in MSIE script action handlers (mshtml.dll)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html" + }, + { + "name": "oval:org.mitre.oval:def:1599", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599" + }, + { + "name": "20061203 MS Internet Explorer 6.0 (mshtml.dll) Denial of Service Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453436/100/0/threaded" + }, + { + "name": "VU#984473", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/984473" + }, + { + "name": "MS06-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" + }, + { + "name": "oval:org.mitre.oval:def:1766", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766" + }, + { + "name": "ADV-2006-1318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1318" + }, + { + "name": "23964", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23964" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4180.json b/2006/4xxx/CVE-2006-4180.json index 869054d54c7..137dd2df225 100644 --- a/2006/4xxx/CVE-2006-4180.json +++ b/2006/4xxx/CVE-2006-4180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4180", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a reservation duplicate of another identifier and was never published. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-4180", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a reservation duplicate of another identifier and was never published. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4736.json b/2006/4xxx/CVE-2006-4736.json index 0f6aea736c8..16db7ef08c2 100644 --- a/2006/4xxx/CVE-2006-4736.json +++ b/2006/4xxx/CVE-2006-4736.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060911 CMS.R. the Content Management System admin authentication baypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445789/100/0/threaded" - }, - { - "name" : "19950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19950" - }, - { - "name" : "ADV-2006-3561", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3561" - }, - { - "name" : "21860", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21860" - }, - { - "name" : "1563", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1563" - }, - { - "name" : "cmsr-index-sql-injection(28877)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3561", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3561" + }, + { + "name": "cmsr-index-sql-injection(28877)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28877" + }, + { + "name": "1563", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1563" + }, + { + "name": "20060911 CMS.R. the Content Management System admin authentication baypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445789/100/0/threaded" + }, + { + "name": "21860", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21860" + }, + { + "name": "19950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19950" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5841.json b/2006/5xxx/CVE-2006-5841.json index f6dceb87b96..ee95a7cfd59 100644 --- a/2006/5xxx/CVE-2006-5841.json +++ b/2006/5xxx/CVE-2006-5841.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061120 DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452130/100/0/threaded" - }, - { - "name" : "2742", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2742" - }, - { - "name" : "ADV-2006-4414", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4414" - }, - { - "name" : "30248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30248" - }, - { - "name" : "22775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22775" - }, - { - "name" : "dodosmail-dodosmail-file-include(30099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4414", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4414" + }, + { + "name": "20061120 DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452130/100/0/threaded" + }, + { + "name": "dodosmail-dodosmail-file-include(30099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30099" + }, + { + "name": "2742", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2742" + }, + { + "name": "30248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30248" + }, + { + "name": "22775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22775" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5867.json b/2006/5xxx/CVE-2006-5867.json index 13638f74bbb..a72e17f756e 100644 --- a/2006/5xxx/CVE-2006-5867.json +++ b/2006/5xxx/CVE-2006-5867.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070105 fetchmail security announcement 2006-02 (CVE-2006-5867)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456115/100/0/threaded" - }, - { - "name" : "20070218 Re: [SECURITY] [DSA 1259-1] New fetchmail packages fix information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460528/100/0/threaded" - }, - { - "name" : "http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt", - "refsource" : "CONFIRM", - "url" : "http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-919", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-919" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305391", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305391" - }, - { - "name" : "APPLE-SA-2007-04-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html" - }, - { - "name" : "DSA-1259", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1259" - }, - { - "name" : "FEDORA-2007-041", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2429" - }, - { - "name" : "GLSA-200701-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-13.xml" - }, - { - "name" : "MDKSA-2007:016", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:016" - }, - { - "name" : "OpenPKG-SA-2007.004", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html" - }, - { - "name" : "RHSA-2007:0018", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0018.html" - }, - { - "name" : "20070201-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" - }, - { - "name" : "SSA:2007-024-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995" - }, - { - "name" : "SUSE-SR:2007:004", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_4_sr.html" - }, - { - "name" : "2007-0007", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0007" - }, - { - "name" : "USN-405-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-405-1" - }, - { - "name" : "TA07-109A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-109A.html" - }, - { - "name" : "21903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21903" - }, - { - "name" : "oval:org.mitre.oval:def:10566", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566" - }, - { - "name" : "ADV-2007-0087", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0087" - }, - { - "name" : "ADV-2007-0088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0088" - }, - { - "name" : "ADV-2007-1470", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1470" - }, - { - "name" : "31580", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31580" - }, - { - "name" : "1017478", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017478" - }, - { - "name" : "23631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23631" - }, - { - "name" : "23695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23695" - }, - { - "name" : "23714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23714" - }, - { - "name" : "23781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23781" - }, - { - "name" : "23804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23804" - }, - { - "name" : "23838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23838" - }, - { - "name" : "23923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23923" - }, - { - "name" : "24007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24007" - }, - { - "name" : "24151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24151" - }, - { - "name" : "24174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24174" - }, - { - "name" : "24966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24966" - }, - { - "name" : "24284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2007-024-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995" + }, + { + "name": "USN-405-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-405-1" + }, + { + "name": "24966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24966" + }, + { + "name": "31580", + "refsource": "OSVDB", + "url": "http://osvdb.org/31580" + }, + { + "name": "23781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23781" + }, + { + "name": "24174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24174" + }, + { + "name": "DSA-1259", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1259" + }, + { + "name": "23838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23838" + }, + { + "name": "24151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24151" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305391", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305391" + }, + { + "name": "23714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23714" + }, + { + "name": "21903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21903" + }, + { + "name": "24284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24284" + }, + { + "name": "23631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23631" + }, + { + "name": "24007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24007" + }, + { + "name": "23804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23804" + }, + { + "name": "20070105 fetchmail security announcement 2006-02 (CVE-2006-5867)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456115/100/0/threaded" + }, + { + "name": "ADV-2007-0088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0088" + }, + { + "name": "SUSE-SR:2007:004", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" + }, + { + "name": "TA07-109A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html" + }, + { + "name": "23695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23695" + }, + { + "name": "http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt", + "refsource": "CONFIRM", + "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt" + }, + { + "name": "MDKSA-2007:016", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:016" + }, + { + "name": "FEDORA-2007-041", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2429" + }, + { + "name": "23923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23923" + }, + { + "name": "OpenPKG-SA-2007.004", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html" + }, + { + "name": "2007-0007", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0007" + }, + { + "name": "20070218 Re: [SECURITY] [DSA 1259-1] New fetchmail packages fix information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460528/100/0/threaded" + }, + { + "name": "GLSA-200701-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml" + }, + { + "name": "1017478", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017478" + }, + { + "name": "https://issues.rpath.com/browse/RPL-919", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-919" + }, + { + "name": "20070201-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" + }, + { + "name": "APPLE-SA-2007-04-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html" + }, + { + "name": "ADV-2007-1470", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1470" + }, + { + "name": "ADV-2007-0087", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0087" + }, + { + "name": "RHSA-2007:0018", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0018.html" + }, + { + "name": "oval:org.mitre.oval:def:10566", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5997.json b/2006/5xxx/CVE-2006-5997.json index f8e5597762e..9d2464217d3 100644 --- a/2006/5xxx/CVE-2006-5997.json +++ b/2006/5xxx/CVE-2006-5997.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5997", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5997", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0021.json b/2010/0xxx/CVE-2010-0021.json index b1fba74524e..f395d8c1a21 100644 --- a/2010/0xxx/CVE-2010-0021.json +++ b/2010/0xxx/CVE-2010-0021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka \"SMB Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8524", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka \"SMB Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "MS10-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012" + }, + { + "name": "oval:org.mitre.oval:def:8524", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8524" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2090.json b/2010/2xxx/CVE-2010-2090.json index bfbee3bbf55..c82d217482f 100644 --- a/2010/2xxx/CVE-2010-2090.json +++ b/2010/2xxx/CVE-2010-2090.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24013012", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24013012" - }, - { - "name" : "IZ68810", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810" - }, - { - "name" : "JR36026", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026" - }, - { - "name" : "40372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40372" - }, - { - "name" : "39909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39909" - }, - { - "name" : "ADV-2010-1244", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1244" - }, - { - "name" : "csa-appc-dos(58874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1244", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1244" + }, + { + "name": "40372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40372" + }, + { + "name": "39909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39909" + }, + { + "name": "JR36026", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026" + }, + { + "name": "IZ68810", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810" + }, + { + "name": "csa-appc-dos(58874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58874" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24013012", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24013012" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2731.json b/2010/2xxx/CVE-2010-2731.json index 95c52fd7793..1684a92dfa8 100644 --- a/2010/2xxx/CVE-2010-2731.json +++ b/2010/2xxx/CVE-2010-2731.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka \"Directory Authentication Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065" - }, - { - "name" : "oval:org.mitre.oval:def:6942", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka \"Directory Authentication Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065" + }, + { + "name": "oval:org.mitre.oval:def:6942", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6942" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2913.json b/2010/2xxx/CVE-2010-2913.json index 03992934551..c788ebd1faa 100644 --- a/2010/2xxx/CVE-2010-2913.json +++ b/2010/2xxx/CVE-2010-2913.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://itunes.apple.com/us/app/citi-mobile-sm/id301724680", - "refsource" : "MISC", - "url" : "http://itunes.apple.com/us/app/citi-mobile-sm/id301724680" - }, - { - "name" : "http://news.cnet.com/8301-27080_3-20011664-245.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-27080_3-20011664-245.html" - }, - { - "name" : "1024249", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024249" - }, - { - "name" : "citimobile-data-information-disclosure(60855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://news.cnet.com/8301-27080_3-20011664-245.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-27080_3-20011664-245.html" + }, + { + "name": "1024249", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024249" + }, + { + "name": "http://itunes.apple.com/us/app/citi-mobile-sm/id301724680", + "refsource": "MISC", + "url": "http://itunes.apple.com/us/app/citi-mobile-sm/id301724680" + }, + { + "name": "citimobile-data-information-disclosure(60855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60855" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2957.json b/2010/2xxx/CVE-2010-2957.json index f3eac1f4b1a..d600a4d8826 100644 --- a/2010/2xxx/CVE-2010-2957.json +++ b/2010/2xxx/CVE-2010-2957.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \"Remember me\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100829 CVE request: serendipity < 1.5.4 xss", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/29/3" - }, - { - "name" : "[oss-security] 20100831 Re: CVE request: serendipity < 1.5.4 xss", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/31/5" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html" - }, - { - "name" : "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \"Remember me\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100829 CVE request: serendipity < 1.5.4 xss", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/29/3" + }, + { + "name": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html", + "refsource": "CONFIRM", + "url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html" + }, + { + "name": "[oss-security] 20100831 Re: CVE request: serendipity < 1.5.4 xss", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/31/5" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3075.json b/2010/3xxx/CVE-2010-3075.json index 83647ae85e2..24db502a194 100644 --- a/2010/3xxx/CVE-2010-3075.json +++ b/2010/3xxx/CVE-2010-3075.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100826 Multiple Vulnerabilities in EncFS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html" - }, - { - "name" : "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/05/3" - }, - { - "name" : "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/06/1" - }, - { - "name" : "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/07/8" - }, - { - "name" : "http://www.arg0.net/encfs", - "refsource" : "CONFIRM", - "url" : "http://www.arg0.net/encfs" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460" - }, - { - "name" : "FEDORA-2010-14200", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html" - }, - { - "name" : "FEDORA-2010-14254", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html" - }, - { - "name" : "FEDORA-2010-14268", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html" - }, - { - "name" : "41158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41158" - }, - { - "name" : "41478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41478" - }, - { - "name" : "ADV-2010-2414", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41158" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=630460", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630460" + }, + { + "name": "41478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41478" + }, + { + "name": "FEDORA-2010-14268", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html" + }, + { + "name": "FEDORA-2010-14200", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html" + }, + { + "name": "20100826 Multiple Vulnerabilities in EncFS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html" + }, + { + "name": "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/05/3" + }, + { + "name": "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/07/8" + }, + { + "name": "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/06/1" + }, + { + "name": "ADV-2010-2414", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2414" + }, + { + "name": "http://www.arg0.net/encfs", + "refsource": "CONFIRM", + "url": "http://www.arg0.net/encfs" + }, + { + "name": "FEDORA-2010-14254", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3109.json b/2010/3xxx/CVE-2010-3109.json index 4265796ca51..b34c27735e3 100644 --- a/2010/3xxx/CVE-2010-3109.json +++ b/2010/3xxx/CVE-2010-3109.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-140/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-140/" - }, - { - "name" : "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=ftwZBxEFjIg~" - }, - { - "name" : "oval:org.mitre.oval:def:12046", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-140/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-140/" + }, + { + "name": "oval:org.mitre.oval:def:12046", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12046" + }, + { + "name": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3240.json b/2010/3xxx/CVE-2010-3240.json index 72b71eba499..0cd69dbabfd 100644 --- a/2010/3xxx/CVE-2010-3240.json +++ b/2010/3xxx/CVE-2010-3240.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Real Time Data Array Record Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7196", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Real Time Data Array Record Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7196", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7196" + }, + { + "name": "MS10-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3320.json b/2010/3xxx/CVE-2010-3320.json index 004467589ca..f7b522c7729 100644 --- a/2010/3xxx/CVE-2010-3320.json +++ b/2010/3xxx/CVE-2010-3320.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PJ37426", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426" - }, - { - "name" : "43136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43136" - }, - { - "name" : "41344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43136" + }, + { + "name": "41344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41344" + }, + { + "name": "PJ37426", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4192.json b/2010/4xxx/CVE-2010-4192.json index c4f32b0fcf0..99d4404589c 100644 --- a/2010/4xxx/CVE-2010-4192.json +++ b/2010/4xxx/CVE-2010-4192.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4306." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-4192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110208 ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516322/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-078", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-078" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html" - }, - { - "name" : "46326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46326" - }, - { - "name" : "1025056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025056" - }, - { - "name" : "ADV-2011-0335", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4306." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46326" + }, + { + "name": "ADV-2011-0335", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0335" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html" + }, + { + "name": "20110208 ZDI-11-078: Adobe Shockwave Player FFFFFF88 Record Count Element Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516322/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-078", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-078" + }, + { + "name": "1025056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025056" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4562.json b/2010/4xxx/CVE-2010-4562.json index c7305b2ab47..0ede7e1b5b4 100644 --- a/2010/4xxx/CVE-2010-4562.json +++ b/2010/4xxx/CVE-2010-4562.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Apr/254" - }, - { - "name" : "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", - "refsource" : "MLIST", - "url" : "http://seclists.org/dailydave/2011/q2/25" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Apr/254" + }, + { + "name": "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", + "refsource": "MLIST", + "url": "http://seclists.org/dailydave/2011/q2/25" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4701.json b/2010/4xxx/CVE-2010-4701.json index 4871a57bb34..a727726357e 100644 --- a/2010/4xxx/CVE-2010-4701.json +++ b/2010/4xxx/CVE-2010-4701.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15839", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15839" - }, - { - "name" : "http://retrogod.altervista.org/9sg_cov_bof.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_cov_bof.html" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12689", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12689" - }, - { - "name" : "1024925", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024925" - }, - { - "name" : "42747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "42747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42747" + }, + { + "name": "oval:org.mitre.oval:def:12689", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12689" + }, + { + "name": "1024925", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024925" + }, + { + "name": "http://retrogod.altervista.org/9sg_cov_bof.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_cov_bof.html" + }, + { + "name": "15839", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15839" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4785.json b/2010/4xxx/CVE-2010-4785.json index 533cc372ffc..3b854d261f5 100644 --- a/2010/4xxx/CVE-2010-4785.json +++ b/2010/4xxx/CVE-2010-4785.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause a denial of service (ABEND) via a malformed LDAP extended operation that triggers certain comparisons involving the NULL operation OID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029672", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029672" - }, - { - "name" : "IO11814", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO11814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause a denial of service (ABEND) via a malformed LDAP extended operation that triggers certain comparisons involving the NULL operation OID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IO11814", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO11814" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029672", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029672" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4931.json b/2010/4xxx/CVE-2010-4931.json index c39263facd8..d6fb907acbc 100644 --- a/2010/4xxx/CVE-2010-4931.json +++ b/2010/4xxx/CVE-2010-4931.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14647", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14647" - }, - { - "name" : "[vim] 20100816 PHP-Fusion Local File Inclusion Vulnerability", - "refsource" : "MLIST", - "url" : "http://attrition.org/pipermail/vim/2010-August/002391.html" - }, - { - "name" : "42456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42456" + }, + { + "name": "14647", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14647" + }, + { + "name": "[vim] 20100816 PHP-Fusion Local File Inclusion Vulnerability", + "refsource": "MLIST", + "url": "http://attrition.org/pipermail/vim/2010-August/002391.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3115.json b/2014/3xxx/CVE-2014-3115.json index 19182b03a82..3ff29b0e83d 100644 --- a/2014/3xxx/CVE-2014-3115.json +++ b/2014/3xxx/CVE-2014-3115.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140507 Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability (CVE-2014-3115)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/30" - }, - { - "name" : "http://www.fortiguard.com/advisory/FG-IR-14-013/", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/FG-IR-14-013/" - }, - { - "name" : "VU#902790", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/902790" - }, - { - "name" : "1030200", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortiguard.com/advisory/FG-IR-14-013/", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/FG-IR-14-013/" + }, + { + "name": "VU#902790", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/902790" + }, + { + "name": "20140507 Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability (CVE-2014-3115)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/30" + }, + { + "name": "1030200", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030200" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3957.json b/2014/3xxx/CVE-2014-3957.json index 4ffa8bd61cd..b06f0afbe72 100644 --- a/2014/3xxx/CVE-2014-3957.json +++ b/2014/3xxx/CVE-2014-3957.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3957", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3957", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4945.json b/2014/4xxx/CVE-2014-4945.json index 1a48fe31e53..b2851fd6373 100644 --- a/2014/4xxx/CVE-2014-4945.json +++ b/2014/4xxx/CVE-2014-4945.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20140707 [SECURITY] Horde Groupware Webmail Edition 5.1.5 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2014/001025.html" - }, - { - "name" : "[announce] 20140707 [SECURITY] IMP 6.1.8 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2014/001019.html" - }, - { - "name" : "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES" - }, - { - "name" : "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES" - }, - { - "name" : "59770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59770" - }, - { - "name" : "59772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59772" + }, + { + "name": "[announce] 20140707 [SECURITY] Horde Groupware Webmail Edition 5.1.5 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2014/001025.html" + }, + { + "name": "59770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59770" + }, + { + "name": "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES", + "refsource": "CONFIRM", + "url": "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES" + }, + { + "name": "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES", + "refsource": "CONFIRM", + "url": "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES" + }, + { + "name": "[announce] 20140707 [SECURITY] IMP 6.1.8 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2014/001019.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8234.json b/2014/8xxx/CVE-2014-8234.json index 2318ef6add4..7ad490bfc50 100644 --- a/2014/8xxx/CVE-2014-8234.json +++ b/2014/8xxx/CVE-2014-8234.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8234", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8234", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8354.json b/2014/8xxx/CVE-2014-8354.json index 4c3f3306fad..285b091b7ab 100644 --- a/2014/8xxx/CVE-2014-8354.json +++ b/2014/8xxx/CVE-2014-8354.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html" - }, - { - "name" : "https://int21.de/cve/CVE-2014-8354-ImageMagick-oob-heap-overflow.html", - "refsource" : "MISC", - "url" : "https://int21.de/cve/CVE-2014-8354-ImageMagick-oob-heap-overflow.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1158518", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1158518" - }, - { - "name" : "70830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1158518", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158518" + }, + { + "name": "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html" + }, + { + "name": "https://int21.de/cve/CVE-2014-8354-ImageMagick-oob-heap-overflow.html", + "refsource": "MISC", + "url": "https://int21.de/cve/CVE-2014-8354-ImageMagick-oob-heap-overflow.html" + }, + { + "name": "70830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70830" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8360.json b/2014/8xxx/CVE-2014-8360.json index bbcd60133d6..3d4b15195f8 100644 --- a/2014/8xxx/CVE-2014-8360.json +++ b/2014/8xxx/CVE-2014-8360.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en", - "refsource" : "MISC", - "url" : "http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0017.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0017.html" - }, - { - "name" : "http://www.glpi-project.org/spip.php?page=annonce&id_breve=330", - "refsource" : "CONFIRM", - "url" : "http://www.glpi-project.org/spip.php?page=annonce&id_breve=330" - }, - { - "name" : "https://forge.indepnet.net/issues/5101", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/issues/5101" - }, - { - "name" : "MDVSA-2015:167", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2015:167", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:167" + }, + { + "name": "http://www.glpi-project.org/spip.php?page=annonce&id_breve=330", + "refsource": "CONFIRM", + "url": "http://www.glpi-project.org/spip.php?page=annonce&id_breve=330" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0017.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0017.html" + }, + { + "name": "http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en", + "refsource": "MISC", + "url": "http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en" + }, + { + "name": "https://forge.indepnet.net/issues/5101", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/issues/5101" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8915.json b/2014/8xxx/CVE-2014-8915.json index baae872b6da..be095f61593 100644 --- a/2014/8xxx/CVE-2014-8915.json +++ b/2014/8xxx/CVE-2014-8915.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8915", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8915", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9245.json b/2014/9xxx/CVE-2014-9245.json index 96fc573577e..66ecca0b4fd 100644 --- a/2014/9xxx/CVE-2014-9245.json +++ b/2014/9xxx/CVE-2014-9245.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-9245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9347.json b/2014/9xxx/CVE-2014-9347.json index c421dffa5e1..07168f47a3f 100644 --- a/2014/9xxx/CVE-2014-9347.json +++ b/2014/9xxx/CVE-2014-9347.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35365", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35365" - }, - { - "name" : "115038", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/115038" - }, - { - "name" : "phpmyrecipes-dosearch-sql-injection(99005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35365", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35365" + }, + { + "name": "115038", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/115038" + }, + { + "name": "phpmyrecipes-dosearch-sql-injection(99005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99005" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9995.json b/2014/9xxx/CVE-2014-9995.json index 878808b7b63..44b07629197 100644 --- a/2014/9xxx/CVE-2014-9995.json +++ b/2014/9xxx/CVE-2014-9995.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-9995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 400, SD 800" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow to Buffer Overflow." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-9995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 400, SD 800" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9996.json b/2014/9xxx/CVE-2014-9996.json index 3ea51f4787b..a6e46a1d054 100644 --- a/2014/9xxx/CVE-2014-9996.json +++ b/2014/9xxx/CVE-2014-9996.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-9996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 400, SD 800" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-9996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 400, SD 800" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2250.json b/2016/2xxx/CVE-2016-2250.json index a99a81eaf26..bcb253cf8af 100644 --- a/2016/2xxx/CVE-2016-2250.json +++ b/2016/2xxx/CVE-2016-2250.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2250", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2550. Reason: This candidate is a duplicate of CVE-2016-2550. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-2550 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2250", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2550. Reason: This candidate is a duplicate of CVE-2016-2550. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-2550 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2852.json b/2016/2xxx/CVE-2016-2852.json index 4b29a17e29f..2ad320a0699 100644 --- a/2016/2xxx/CVE-2016-2852.json +++ b/2016/2xxx/CVE-2016-2852.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2852", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2852", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2893.json b/2016/2xxx/CVE-2016-2893.json index 5356d3f2e3a..338eb517b4b 100644 --- a/2016/2xxx/CVE-2016-2893.json +++ b/2016/2xxx/CVE-2016-2893.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2893", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2893", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6270.json b/2016/6xxx/CVE-2016-6270.json index b0b74023d13..ea976da21dd 100644 --- a/2016/6xxx/CVE-2016-6270.json +++ b/2016/6xxx/CVE-2016-6270.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/", - "refsource" : "MISC", - "url" : "https://qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/" - }, - { - "name" : "https://success.trendmicro.com/solution/1115411", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1115411" - }, - { - "name" : "95884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95884" + }, + { + "name": "https://success.trendmicro.com/solution/1115411", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1115411" + }, + { + "name": "https://qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/", + "refsource": "MISC", + "url": "https://qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6644.json b/2016/6xxx/CVE-2016-6644.json index 36981002412..423b82a9b40 100644 --- a/2016/6xxx/CVE-2016-6644.json +++ b/2016/6xxx/CVE-2016-6644.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-6644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Sep/18" - }, - { - "name" : "92906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92906" - }, - { - "name" : "1036796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92906" + }, + { + "name": "1036796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036796" + }, + { + "name": "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Sep/18" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6803.json b/2016/6xxx/CVE-2016-6803.json index e6d79725799..0ac429bfa28 100644 --- a/2016/6xxx/CVE-2016-6803.json +++ b/2016/6xxx/CVE-2016-6803.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2016-10-11T00:00:00", - "ID" : "CVE-2016-6803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OpenOffice", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.0 to 4.1.2" - }, - { - "version_value" : "Older versions, including some using the previous OpenOffice.org brand, are also affected." - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An installer defect known as an \"unquoted Windows search path vulnerability\" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Trojan Execution (on previously infected system)" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2016-10-11T00:00:00", + "ID": "CVE-2016-6803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OpenOffice", + "version": { + "version_data": [ + { + "version_value": "4.0.0 to 4.1.2" + }, + { + "version_value": "Older versions, including some using the previous OpenOffice.org brand, are also affected." + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.openoffice.org/security/cves/CVE-2016-6803.html", - "refsource" : "CONFIRM", - "url" : "https://www.openoffice.org/security/cves/CVE-2016-6803.html" - }, - { - "name" : "94418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94418" - }, - { - "name" : "1037015", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An installer defect known as an \"unquoted Windows search path vulnerability\" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Trojan Execution (on previously infected system)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94418" + }, + { + "name": "https://www.openoffice.org/security/cves/CVE-2016-6803.html", + "refsource": "CONFIRM", + "url": "https://www.openoffice.org/security/cves/CVE-2016-6803.html" + }, + { + "name": "1037015", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037015" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6882.json b/2016/6xxx/CVE-2016-6882.json index 12bd8e7d564..9e9c379594c 100644 --- a/2016/6xxx/CVE-2016-6882.json +++ b/2016/6xxx/CVE-2016-6882.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160819 Re: CVE request: MatrixSSL lack of RSA-CRT hardening", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/19/7" - }, - { - "name" : "https://access.redhat.com/blogs/766093/posts/1976703", - "refsource" : "MISC", - "url" : "https://access.redhat.com/blogs/766093/posts/1976703" - }, - { - "name" : "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", - "refsource" : "MISC", - "url" : "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf" - }, - { - "name" : "https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation", - "refsource" : "CONFIRM", - "url" : "https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation" - }, - { - "name" : "91488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160819 Re: CVE request: MatrixSSL lack of RSA-CRT hardening", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/19/7" + }, + { + "name": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", + "refsource": "MISC", + "url": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf" + }, + { + "name": "https://access.redhat.com/blogs/766093/posts/1976703", + "refsource": "MISC", + "url": "https://access.redhat.com/blogs/766093/posts/1976703" + }, + { + "name": "https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation", + "refsource": "CONFIRM", + "url": "https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation" + }, + { + "name": "91488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91488" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7204.json b/2016/7xxx/CVE-2016-7204.json index 9c7836ed900..aabb671430f 100644 --- a/2016/7xxx/CVE-2016-7204.json +++ b/2016/7xxx/CVE-2016-7204.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge allows remote attackers to access arbitrary \"My Documents\" files via a crafted web site, aka \"Microsoft Edge Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-129", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" - }, - { - "name" : "93970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93970" - }, - { - "name" : "1037245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge allows remote attackers to access arbitrary \"My Documents\" files via a crafted web site, aka \"Microsoft Edge Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-129", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" + }, + { + "name": "93970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93970" + }, + { + "name": "1037245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037245" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7755.json b/2016/7xxx/CVE-2016-7755.json index 91dc66c68a2..6ea45963194 100644 --- a/2016/7xxx/CVE-2016-7755.json +++ b/2016/7xxx/CVE-2016-7755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7755", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7755", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7924.json b/2016/7xxx/CVE-2016-7924.json index c6e5256498d..bd178e6cf41 100644 --- a/2016/7xxx/CVE-2016-7924.json +++ b/2016/7xxx/CVE-2016-7924.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file