diff --git a/2007/2xxx/CVE-2007-2487.json b/2007/2xxx/CVE-2007-2487.json index cd4c5caa80a..a341d48ee99 100644 --- a/2007/2xxx/CVE-2007-2487.json +++ b/2007/2xxx/CVE-2007-2487.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070502 Atomix Mp3 Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467374/100/0/threaded" - }, - { - "name" : "http://www.mexhackteam.org/prethoonker/descargas/Atomixb0f.zip", - "refsource" : "MISC", - "url" : "http://www.mexhackteam.org/prethoonker/descargas/Atomixb0f.zip" - }, - { - "name" : "23756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23756" - }, - { - "name" : "35532", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35532" - }, - { - "name" : "25126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25126" - }, - { - "name" : "2675", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2675" - }, - { - "name" : 
"atomixmp3-mp3-bo(34022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "atomixmp3-mp3-bo(34022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34022" + }, + { + "name": "2675", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2675" + }, + { + "name": "20070502 Atomix Mp3 Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467374/100/0/threaded" + }, + { + "name": "23756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23756" + }, + { + "name": "35532", + "refsource": "OSVDB", + "url": "http://osvdb.org/35532" + }, + { + "name": "http://www.mexhackteam.org/prethoonker/descargas/Atomixb0f.zip", + "refsource": "MISC", + "url": "http://www.mexhackteam.org/prethoonker/descargas/Atomixb0f.zip" + }, + { + "name": "25126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25126" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2810.json b/2007/2xxx/CVE-2007-2810.json index d2176bc8cb4..547b333ccd3 100644 --- a/2007/2xxx/CVE-2007-2810.json +++ b/2007/2xxx/CVE-2007-2810.json 
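Review bot: The `reference_data` array is re-emitted in a different order with no visible sort key (XF, SREASON, BUGTRAQ, BID, OSVDB, MISC, SECUNIA), so this is not a whitespace-only reformat, and a later regeneration may shuffle the entries again. Anyone diffing CVE records to spot real content changes has to compare every entry by hand. Emitting the references in a stable order, for example sorted by `refsource` and then `name`, would keep future diffs down to actual changes. The new side also ends with `\ No newline at end of file`; finishing each record with a trailing newline avoids that marker. The same reordering appears in the sections for CVE-2007-2810, CVE-2007-3024, CVE-2007-3633, CVE-2007-6177, CVE-2007-6282 and CVE-2007-6665, and the missing newline in every complete section shown.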
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23714" - }, - { - "name" : "25347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25347" - }, - { - "name" : "2715", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2715" - }, - { - "name" : "gazi-downindir-sql-injection(34409)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25347" + }, + { + "name": "gazi-downindir-sql-injection(34409)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34409" + }, + { + "name": "23714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23714" + }, + { + "name": "2715", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2715" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3024.json b/2007/3xxx/CVE-2007-3024.json index 7466bcd0509..2f870ede024 100644 --- a/2007/3xxx/CVE-2007-3024.json +++ b/2007/3xxx/CVE-2007-3024.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Clamav-announce] 20070530 announcing ClamAV 0.90.3", - "refsource" : "MLIST", - "url" : "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html" - }, - { - "name" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-15.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-15.txt" - }, - { - "name" : 
"DSA-1320", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1320" - }, - { - "name" : "GLSA-200706-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-05.xml" - }, - { - "name" : "SUSE-SA:2007:033", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_33_clamav.html" - }, - { - "name" : "24358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24358" - }, - { - "name" : "25523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25523" - }, - { - "name" : "25525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25525" - }, - { - "name" : "25688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25688" - }, - { - "name" : "25796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25796" + }, + { + "name": "SUSE-SA:2007:033", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html" + }, + { + "name": "25525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25525" + }, + { + "name": "25523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25523" + }, + { + "name": "DSA-1320", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1320" + }, + { + "name": "http://kolab.org/security/kolab-vendor-notice-15.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-15.txt" + }, + { + "name": "25688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25688" + }, + { + "name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3", + "refsource": "MLIST", + "url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517" + }, + { + "name": "24358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24358" + }, + { + "name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", + "refsource": "CONFIRM", + "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" + }, + { + "name": "GLSA-200706-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-05.xml" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3633.json b/2007/3xxx/CVE-2007-3633.json index 258d997f157..7aa6b4c5229 100644 --- a/2007/3xxx/CVE-2007-3633.json +++ b/2007/3xxx/CVE-2007-3633.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4160", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4160" - }, - { - "name" : "24806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24806" - }, - { - "name" : "48967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48967" - }, - { - "name" : "48968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48968" - }, - { - "name" : "ADV-2007-2464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2464" - }, - { - "name" : "37676", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37676" - }, - { - "name" : 
"25962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25962" - }, - { - "name" : "chilkat-zip-chilkatzip2-file-overwrite(35294)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4160", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4160" + }, + { + "name": "37676", + "refsource": "OSVDB", + "url": "http://osvdb.org/37676" + }, + { + "name": "ADV-2007-2464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2464" + }, + { + "name": "48967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48967" + }, + { + "name": "chilkat-zip-chilkatzip2-file-overwrite(35294)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35294" + }, + { + "name": "25962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25962" + }, + { + "name": "24806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24806" + }, + { + "name": "48968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48968" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6177.json b/2007/6xxx/CVE-2007-6177.json index 57a19c34506..8b97549069b 100644 --- a/2007/6xxx/CVE-2007-6177.json +++ b/2007/6xxx/CVE-2007-6177.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4670", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4670" - }, - { - "name" : "26622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26622" - }, - { - "name" : "38915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38915" - }, - { - "name" : "27852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27852" - }, - { - "name" : "phpcon-include-file-include(38679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion 
vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38915", + "refsource": "OSVDB", + "url": "http://osvdb.org/38915" + }, + { + "name": "phpcon-include-file-include(38679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38679" + }, + { + "name": "26622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26622" + }, + { + "name": "27852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27852" + }, + { + "name": "4670", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4670" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6259.json b/2007/6xxx/CVE-2007-6259.json index 26a4eb37419..d15ed79b6e1 100644 --- a/2007/6xxx/CVE-2007-6259.json +++ b/2007/6xxx/CVE-2007-6259.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6282.json b/2007/6xxx/CVE-2007-6282.json index ea1124724f6..ed94ac8ba31 100644 --- a/2007/6xxx/CVE-2007-6282.json +++ b/2007/6xxx/CVE-2007-6282.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-netdev] 20080222 [Patch] Crash (BUG()) when handling fragmented ESP packets", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=120372380411259&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=404291", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=404291" - }, - { - "name" : "DSA-1630", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1630" - }, - { - "name" : "RHSA-2008:0237", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0237.html" - }, - { - "name" : "RHSA-2008:0275", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2008-0275.html" - }, - { - "name" : "RHSA-2008:0585", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" - }, - { - "name" : "SUSE-SA:2008:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" - }, - { - "name" : "SUSE-SA:2008:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" - }, - { - "name" : "USN-625-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-625-1" - }, - { - "name" : "29081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29081" - }, - { - "name" : "oval:org.mitre.oval:def:10549", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10549" - }, - { - "name" : "30294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30294" - }, - { - "name" : "30818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30818" - }, - { - "name" : "30890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30890" - }, - { - "name" : "30962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30962" - }, - { - "name" : "31107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31107" - }, - { - "name" : "31628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31628" - }, - { - "name" : "31551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31551" - }, - { - "name" : "30112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30112" - }, - { - "name" : "linux-kernel-esp-dos(42276)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0275", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0275.html" + }, + { + "name": "30962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30962" + }, + { + "name": "DSA-1630", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1630" + }, + { + "name": "30294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30294" + }, + { + "name": "oval:org.mitre.oval:def:10549", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10549" + }, + { + "name": "RHSA-2008:0237", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0237.html" + }, + { + "name": "29081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29081" + }, + { + "name": "31551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31551" + }, + { + "name": "SUSE-SA:2008:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html" + }, + { + "name": "RHSA-2008:0585", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=404291", + "refsource": "MISC", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=404291" + }, + { + "name": "31107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31107" + }, + { + "name": "30890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30890" + }, + { + "name": "31628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31628" + }, + { + "name": "USN-625-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-625-1" + }, + { + "name": "SUSE-SA:2008:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" + }, + { + "name": "linux-kernel-esp-dos(42276)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42276" + }, + { + "name": "30818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30818" + }, + { + "name": "[linux-netdev] 20080222 [Patch] Crash (BUG()) when handling fragmented ESP packets", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=120372380411259&w=2" + }, + { + "name": "30112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30112" + }, + { + "name": "SUSE-SA:2008:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6665.json b/2007/6xxx/CVE-2007-6665.json index 60325566a6b..19172bc8274 100644 --- a/2007/6xxx/CVE-2007-6665.json +++ b/2007/6xxx/CVE-2007-6665.json 
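Review bot: `"ASSIGNER"` changes from `"cve@mitre.org"` to `"secalert@redhat.com"` at the top of this hunk, and among the sections visible here it is the only field whose value changes rather than its spacing or position. It is buried under 162 rewritten lines of colon spacing and reference reordering, so a reviewer skimming the bulk reformat can easily miss it. CNA attribution is metadata that downstream consumers may filter or trust on, so the change is better made in a separate commit, or at least called out explicitly in the commit message if it is not already.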
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4824", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4824" - }, - { - "name" : "27085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27085" - }, - { - "name" : "39893", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39893" - }, - { - "name" : "oneschool-login-sql-injection(39349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39893", + "refsource": "OSVDB", + "url": "http://osvdb.org/39893" + }, + { + "name": "4824", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4824" + }, + { + "name": "27085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27085" + }, + { + "name": "oneschool-login-sql-injection(39349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39349" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6682.json b/2007/6xxx/CVE-2007-6682.json index e2113267661..c057f50214b 100644 --- a/2007/6xxx/CVE-2007-6682.json +++ b/2007/6xxx/CVE-2007-6682.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485488/30/0/threaded" - }, - { - "name" : "5519", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5519" - }, - { - "name" : "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" - }, - { - "name" : "http://trac.videolan.org/vlc/changeset/23839", - "refsource" : "CONFIRM", - "url" : "http://trac.videolan.org/vlc/changeset/23839" - }, - { - "name" : "DSA-1543", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1543" - }, - { - 
"name" : "GLSA-200803-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" - }, - { - "name" : "27015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27015" - }, - { - "name" : "42208", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42208" - }, - { - "name" : "oval:org.mitre.oval:def:14790", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790" - }, - { - "name" : "29284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29284" - }, - { - "name" : "29766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29766" - }, - { - "name" : "28233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28233" - }, - { - "name" : "3550", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29284" + }, + { + "name": "DSA-1543", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1543" + }, + { + "name": "3550", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3550" + }, + { + "name": "28233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28233" + }, + { + "name": "oval:org.mitre.oval:def:14790", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790" + }, + { + "name": "5519", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5519" + }, + { + "name": "27015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27015" + }, + { + "name": "42208", + "refsource": "OSVDB", + "url": "http://osvdb.org/42208" + }, + { + "name": "http://trac.videolan.org/vlc/changeset/23839", + "refsource": "CONFIRM", + "url": "http://trac.videolan.org/vlc/changeset/23839" + }, + { + "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" + }, + { + "name": "29766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29766" + }, + { + "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" + }, + { + "name": "GLSA-200803-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0048.json b/2010/0xxx/CVE-2010-0048.json index 501f4e0edd8..54a24850533 100644 --- a/2010/0xxx/CVE-2010-0048.json 
+++ b/2010/0xxx/CVE-2010-0048.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "FEDORA-2010-8360", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" - }, - { 
- "name" : "FEDORA-2010-8379", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" - }, - { - "name" : "FEDORA-2010-8423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "oval:org.mitre.oval:def:7135", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7135" - }, - { - "name" : "1023708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023708" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of 
service (application crash) via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "1023708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023708" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "FEDORA-2010-8360", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "FEDORA-2010-8379", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" + }, + { + "name": "oval:org.mitre.oval:def:7135", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7135" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + }, + { + "name": "FEDORA-2010-8423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0517.json b/2010/0xxx/CVE-2010-0517.json index 2ce4ae90a06..cd75d0ddcf4 100644 --- a/2010/0xxx/CVE-2010-0517.json +++ b/2010/0xxx/CVE-2010-0517.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100402 ZDI-10-037: Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510511/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-037", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-037" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", 
- "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-03-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:6673", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6673", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6673" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "APPLE-SA-2010-03-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-037", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-037" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "20100402 ZDI-10-037: Apple QuickTime 
MJPEG Sample Dimensions Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510511/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0747.json b/2010/0xxx/CVE-2010-0747.json index e45e5e74fcd..2d19cd105e0 100644 --- a/2010/0xxx/CVE-2010-0747.json +++ b/2010/0xxx/CVE-2010-0747.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1175.json b/2010/1xxx/CVE-2010-1175.json index c2b526d9a2e..92caec90e67 100644 --- a/2010/1xxx/CVE-2010-1175.json +++ b/2010/1xxx/CVE-2010-1175.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a \"0day Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100320 Internet Explorer 7.0 0day Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510280/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a \"0day Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + 
"description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100320 Internet Explorer 7.0 0day Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510280/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1647.json b/2010/1xxx/CVE-2010-1647.json index f29a6bd7190..83c513531ca 100644 --- a/2010/1xxx/CVE-2010-1647.json +++ b/2010/1xxx/CVE-2010-1647.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687" - }, - { - "name" : "FEDORA-2010-10779", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html" - }, - { - "name" : "FEDORA-2010-10848", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-10848", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=23687" + }, + { + "name": "[MediaWiki-announce] 20100528 MediaWiki security update: 1.15.4 and 1.16.0beta3", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html" + }, + { + "name": "FEDORA-2010-10779", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1686.json b/2010/1xxx/CVE-2010-1686.json index e0e126613be..7e63a129d11 100644 --- a/2010/1xxx/CVE-2010-1686.json +++ b/2010/1xxx/CVE-2010-1686.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034" - }, - { - "name" : "39699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39699" - }, - { - "name" : "39701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39701" - }, - { - "name" : "ADV-2010-1046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1046" - }, - { - "name" : "ADV-2010-1047", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1046" + }, + { + "name": "39699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39699" + }, + { + "name": "ADV-2010-1047", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1047" + }, + { + "name": "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034" + }, + { + "name": "39701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39701" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1832.json b/2010/1xxx/CVE-2010-1832.json index 2705a1d4e4a..50af8297c32 100644 --- a/2010/1xxx/CVE-2010-1832.json +++ b/2010/1xxx/CVE-2010-1832.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a 
crafted embedded font in a document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5171.json b/2010/5xxx/CVE-2010-5171.json index 0482242c470..37694255bce 100644 --- a/2010/5xxx/CVE-2010-5171.json +++ b/2010/5xxx/CVE-2010-5171.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in Outpost Security Suite Pro 6.7.3.3063.452.0726 and 7.0.3330.505.1221 BETA on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : 
"39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in Outpost Security Suite Pro 6.7.3.3063.452.0726 and 7.0.3330.505.1221 BETA on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": 
"http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0115.json b/2014/0xxx/CVE-2014-0115.json index ecb972f9682..936c1e41f85 100644 --- a/2014/0xxx/CVE-2014-0115.json +++ b/2014/0xxx/CVE-2014-0115.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[storm-dev] 20140429 [jira] [Commented] (STORM-269) Any readable file exposed via UI log viewer", - "refsource" : "MLIST", - "url" : "https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645@arcas%3E" - }, - { - "name" : "https://issues.apache.org/jira/browse/STORM-269", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/STORM-269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. 
(dot dot) in the file parameter to log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[storm-dev] 20140429 [jira] [Commented] (STORM-269) Any readable file exposed via UI log viewer", + "refsource": "MLIST", + "url": "https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645@arcas%3E" + }, + { + "name": "https://issues.apache.org/jira/browse/STORM-269", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/STORM-269" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0301.json b/2014/0xxx/CVE-2014-0301.json index e972f6ef573..9e76e813bb7 100644 --- a/2014/0xxx/CVE-2014-0301.json +++ b/2014/0xxx/CVE-2014-0301.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka \"DirectShow Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 
allows remote attackers to execute arbitrary code via a crafted JPEG image, aka \"DirectShow Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-013" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0386.json b/2014/0xxx/CVE-2014-0386.json index 147e37891e8..6c79b361301 100644 --- a/2014/0xxx/CVE-2014-0386.json +++ b/2014/0xxx/CVE-2014-0386.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "DSA-2845", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2845" - }, - { - "name" : "DSA-2848", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2848" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0164", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0164.html" - }, - { - 
"name" : "RHSA-2014:0173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html" - }, - { - "name" : "RHSA-2014:0186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html" - }, - { - "name" : "RHSA-2014:0189", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html" - }, - { - "name" : "USN-2086-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2086-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64904" - }, - { - "name" : "102069", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102069" - }, - { - "name" : "56491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56491" - }, - { - "name" : "56541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56541" - }, - { - "name" : "56580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56580" - }, - { - "name" : "oracle-cpujan2014-cve20140386(90380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2086-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2086-1" + }, + { + "name": "102069", + "refsource": "OSVDB", + "url": "http://osvdb.org/102069" + }, + { + "name": "64904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64904" + }, + { + "name": "DSA-2845", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2845" + }, + { + "name": "56491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56491" + }, + { + "name": "RHSA-2014:0186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html" + }, + { + "name": "56541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56541" + }, + { + "name": "DSA-2848", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2848" + }, + { + "name": "56580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56580" + }, + { + "name": "RHSA-2014:0173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html" + }, + { + "name": "RHSA-2014:0189", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html" + }, + { + "name": "RHSA-2014:0164", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0164.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "oracle-cpujan2014-cve20140386(90380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90380" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + 
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0827.json b/2014/0xxx/CVE-2014-0827.json index 9777220f35d..73c69127063 100644 --- a/2014/0xxx/CVE-2014-0827.json +++ b/2014/0xxx/CVE-2014-0827.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669093", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669093" - }, - { - "name" : "66621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66621" - }, - { - "name" : "ibm-infosphere-cve20140827-xss(90503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669093", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669093" + }, + { + "name": "ibm-infosphere-cve20140827-xss(90503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90503" + }, + { + "name": "66621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66621" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0936.json b/2014/0xxx/CVE-2014-0936.json index 5e3bdad49c7..12d24ebcc49 100644 --- a/2014/0xxx/CVE-2014-0936.json +++ b/2014/0xxx/CVE-2014-0936.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674750", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674750" - }, - { - "name" : "ibm-appscan-cve20140936-priv-escalation(92317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits 
cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-appscan-cve20140936-priv-escalation(92317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92317" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674750", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674750" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1285.json b/2014/1xxx/CVE-2014-1285.json index 49c02341296..49247ccea66 100644 --- a/2014/1xxx/CVE-2014-1285.json +++ b/2014/1xxx/CVE-2014-1285.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6162", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6162", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6162" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1445.json b/2014/1xxx/CVE-2014-1445.json index 5414372f327..5395e037028 100644 --- a/2014/1xxx/CVE-2014-1445.json +++ b/2014/1xxx/CVE-2014-1445.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/15/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1053613", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1053613" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" - }, - { - "name" : "USN-2128-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2128-1" - }, - { - "name" : "USN-2129-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2129-1" - }, - { - "name" : "64953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64953" - }, - { - "name" : "linux-kernel-cve20141445-info-disc(90444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2129-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2129-1" + }, + { + "name": "USN-2128-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2128-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1053613", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053613" + }, + { + "name": "linux-kernel-cve20141445-info-disc(90444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90444" + }, + { + "name": "[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/15/3" + }, + { + "name": "https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" + }, + { + "name": "64953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64953" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1586.json b/2014/1xxx/CVE-2014-1586.json index 728e9138d78..5343ac80049 100644 --- a/2014/1xxx/CVE-2014-1586.json +++ b/2014/1xxx/CVE-2014-1586.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-81.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-81.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1062981", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1062981" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3050", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3050" - }, - { - "name" : "DSA-3061", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3061" - }, - { - "name" : "FEDORA-2014-13042", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html" - }, - { - "name" : "FEDORA-2014-14084", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2014:1343", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html" - }, - { - "name" : "openSUSE-SU-2014:1346", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html" - }, - { - "name" : "openSUSE-SU-2014:1344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:1345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "USN-2372-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2372-1" - }, - { - "name" : "USN-2373-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2373-1" - }, - { - "name" : "70427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70427" - }, - { - "name" : 
"1031028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031028" - }, - { - "name" : "1031030", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031030" - }, - { - "name" : "61387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61387" - }, - { - "name" : "62021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62021" - }, - { - "name" : "62022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62022" - }, - { - "name" : "62023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62021" + }, + { + "name": "openSUSE-SU-2015:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" + }, + { + "name": "openSUSE-SU-2014:1344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html" + }, + { + "name": "openSUSE-SU-2014:1346", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html" + }, + { + "name": "FEDORA-2014-13042", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-81.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-81.html" + }, + { + "name": "1031028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031028" + }, + { + "name": "openSUSE-SU-2014:1345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html" + }, + { + "name": "USN-2373-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2373-1" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "FEDORA-2014-14084", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html" + }, + { + "name": "61387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61387" + }, + { + "name": "USN-2372-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2372-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", 
+ "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "62022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62022" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1062981", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1062981" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "1031030", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031030" + }, + { + "name": "62023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62023" + }, + { + "name": "openSUSE-SU-2014:1343", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html" + }, + { + "name": "DSA-3050", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3050" + }, + { + "name": "70427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70427" + }, + { + "name": "DSA-3061", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3061" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1755.json b/2014/1xxx/CVE-2014-1755.json index 5690864bf45..4d4b155fb51 100644 --- a/2014/1xxx/CVE-2014-1755.json +++ b/2014/1xxx/CVE-2014-1755.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0235 and CVE-2014-1751." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0235 and CVE-2014-1751." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1862.json b/2014/1xxx/CVE-2014-1862.json index 14f788d3aed..a0fee38ba52 100644 --- a/2014/1xxx/CVE-2014-1862.json +++ b/2014/1xxx/CVE-2014-1862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1862", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1862", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4320.json b/2014/4xxx/CVE-2014-4320.json index df6a0f54e52..eda89ddb939 100644 --- a/2014/4xxx/CVE-2014-4320.json +++ b/2014/4xxx/CVE-2014-4320.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4690.json b/2014/4xxx/CVE-2014-4690.json index 0562730020d..164f97b0147 100644 --- a/2014/4xxx/CVE-2014-4690.json +++ b/2014/4xxx/CVE-2014-4690.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadbackup parameter to system_firmware_restorefullbackup.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pfsense.org/security/advisories/pfSense-SA-14_11.webgui.asc", - "refsource" : "CONFIRM", - "url" : "https://pfsense.org/security/advisories/pfSense-SA-14_11.webgui.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary 
files via the downloadbackup parameter to system_firmware_restorefullbackup.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pfsense.org/security/advisories/pfSense-SA-14_11.webgui.asc", + "refsource": "CONFIRM", + "url": "https://pfsense.org/security/advisories/pfSense-SA-14_11.webgui.asc" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4991.json b/2014/4xxx/CVE-2014-4991.json index 466ee8c6157..b13c78594d0 100644 --- a/2014/4xxx/CVE-2014-4991.json +++ b/2014/4xxx/CVE-2014-4991.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/8" - }, - { - "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html" - }, - { - "name" : "68733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68733" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/17/5" + }, + { + "name": "68733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68733" + }, + { + "name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/07/8" + }, + { + "name": "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/codders-dataset-1.3.2.1.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5102.json b/2014/5xxx/CVE-2014-5102.json index 47dc0891a9e..70f56223755 100644 --- a/2014/5xxx/CVE-2014-5102.json +++ b/2014/5xxx/CVE-2014-5102.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127537/vBulletin-5.1.2-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127537/vBulletin-5.1.2-SQL-Injection.html" - }, - { - "name" : "http://www.pcworld.com/article/2455500/emergency-vbulletin-patch-fixes-dangerous-sql-injection-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.pcworld.com/article/2455500/emergency-vbulletin-patch-fixes-dangerous-sql-injection-vulnerability.html" - }, - { - "name" : "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4097503-security-patch-release-for-vbulletin-5-0-4-5-0-5-5-1-0-5-1-1-and-5-1-2", - "refsource" : "CONFIRM", - "url" : 
"http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4097503-security-patch-release-for-vbulletin-5-0-4-5-0-5-5-1-0-5-1-1-and-5-1-2" - }, - { - "name" : "68709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pcworld.com/article/2455500/emergency-vbulletin-patch-fixes-dangerous-sql-injection-vulnerability.html", + "refsource": "MISC", + "url": "http://www.pcworld.com/article/2455500/emergency-vbulletin-patch-fixes-dangerous-sql-injection-vulnerability.html" + }, + { + "name": "68709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68709" + }, + { + "name": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4097503-security-patch-release-for-vbulletin-5-0-4-5-0-5-5-1-0-5-1-1-and-5-1-2", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4097503-security-patch-release-for-vbulletin-5-0-4-5-0-5-5-1-0-5-1-1-and-5-1-2" + }, + { + "name": "http://packetstormsecurity.com/files/127537/vBulletin-5.1.2-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127537/vBulletin-5.1.2-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5396.json b/2014/5xxx/CVE-2014-5396.json index edaaa8f6109..3d5da4a8707 100644 --- a/2014/5xxx/CVE-2014-5396.json 
+++ b/2014/5xxx/CVE-2014-5396.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the \"user\" account, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140710 SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/40" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the \"user\" account, which makes it easier for remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140710 SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/40" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5551.json b/2014/5xxx/CVE-2014-5551.json index e4f3dc7b9be..fb2c58057f5 100644 --- a/2014/5xxx/CVE-2014-5551.json +++ b/2014/5xxx/CVE-2014-5551.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#663545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/663545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#663545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/663545" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5589.json b/2014/5xxx/CVE-2014-5589.json index 5ab664090be..12f74139ec7 100644 --- a/2014/5xxx/CVE-2014-5589.json +++ b/2014/5xxx/CVE-2014-5589.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 application Material for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#988353", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/988353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Now Browser (Material) (aka 
com.browser.nowbasic) 2.8.1 application Material for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#988353", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/988353" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5722.json b/2014/5xxx/CVE-2014-5722.json index 36e2751e4cc..7857bf675c1 100644 --- a/2014/5xxx/CVE-2014-5722.json +++ b/2014/5xxx/CVE-2014-5722.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application 5.0.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#825905", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/825905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SwiftKey Keyboard + Emoji 
(aka com.touchtype.swiftkey) application 5.0.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#825905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/825905" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10077.json b/2016/10xxx/CVE-2016-10077.json index f98f423f391..fd158e53e75 100644 --- a/2016/10xxx/CVE-2016-10077.json +++ b/2016/10xxx/CVE-2016-10077.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10199.json b/2016/10xxx/CVE-2016-10199.json index 73c8abfe81c..2577d5954d2 100644 --- a/2016/10xxx/CVE-2016-10199.json +++ b/2016/10xxx/CVE-2016-10199.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7" - }, - { - "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=775451", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=775451" - }, - { - "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", - "refsource" : "CONFIRM", - "url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" - }, - { - "name" : 
"DSA-3820", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3820" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "96001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96001" + }, + { + "name": "DSA-3820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3820" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=775451", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=775451" + }, + { + "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": 
"[oss-security] 20170201 Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3259.json b/2016/3xxx/CVE-2016-3259.json index 619c4b20991..fd6246d392e 100644 --- a/2016/3xxx/CVE-2016-3259.json +++ b/2016/3xxx/CVE-2016-3259.json 
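Review bot: The new `reference_data` order follows no visible key: the `refsource` values now run BID, DEBIAN, REDHAT, CONFIRM, MLIST, CONFIRM, GENTOO, MLIST, and the oss-security reply (`2017/02/02/9`) precedes the post it answers (`2017/02/01/7`). If the serializer emits entries in an unordered way (this is inferred from the output, since the tool is not shown), every regeneration will reshuffle the array and hide real reference additions or removals in the noise. Emitting the array in a stable order, for example sorted by `refsource` then `url` or kept in the previous order, would limit future diffs to actual content changes. ASSIGNER and the description are unchanged in this hunk.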
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3248." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-084", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" - }, - { - "name" : "MS16-085", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" - }, - { - "name" : "91581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91581" - }, - { - "name" : "1036283", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036283" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3248." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036283", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036283" + }, + { + "name": "91581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91581" + }, + { + "name": "MS16-084", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" + }, + { + "name": "MS16-085", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3333.json b/2016/3xxx/CVE-2016-3333.json index 4b14051351a..c224696e46d 100644 --- a/2016/3xxx/CVE-2016-3333.json +++ b/2016/3xxx/CVE-2016-3333.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-134", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" - }, - { - "name" : "94009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94009" - }, - { - "name" : "1037252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037252" + }, + { + "name": "94009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94009" + }, + { + "name": "MS16-134", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3401.json b/2016/3xxx/CVE-2016-3401.json index 19ac597ccdf..44c5689bf1c 100644 --- a/2016/3xxx/CVE-2016-3401.json +++ b/2016/3xxx/CVE-2016-3401.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" - }, - { - "name" : "95860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95860" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3438.json b/2016/3xxx/CVE-2016-3438.json index ebe785cac73..bf84a6ce45e 100644 --- a/2016/3xxx/CVE-2016-3438.json +++ b/2016/3xxx/CVE-2016-3438.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160830 Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/136" - }, - { - "name" : "http://onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3438", - "refsource" : "MISC", - "url" : "http://onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3438" - }, - { - "name" : "http://packetstormsecurity.com/files/138564/Oracle-E-Business-Suite-12.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138564/Oracle-E-Business-Suite-12.2-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "1035591", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related 
to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/138564/Oracle-E-Business-Suite-12.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138564/Oracle-E-Business-Suite-12.2-Cross-Site-Scripting.html" + }, + { + "name": "1035591", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035591" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "20160830 Onapsis Security Advisory ONAPSIS-2016-018: Oracle E-Business Suite Cross Site Scripting (XSS) CVE-2016-3438", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/136" + }, + { + "name": "http://onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3438", + "refsource": "MISC", + "url": "http://onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3438" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3595.json b/2016/3xxx/CVE-2016-3595.json index 8f4b0c99c3b..70f7ac60dd5 100644 --- a/2016/3xxx/CVE-2016-3595.json +++ b/2016/3xxx/CVE-2016-3595.json 
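Review bot: The description `value` is rewritten on the new side but still carries the duplicated word in `third-party claims that that this issue involves`. Since the line is being touched anyway, it could read `third-party claims that this issue involves`. Nothing else in the description text differs between the old and new side.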
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3596." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91940" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, 
CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91940" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3767.json b/2016/3xxx/CVE-2016-3767.json index 553ce47fa02..6e35593a1fa 100644 --- a/2016/3xxx/CVE-2016-3767.json +++ b/2016/3xxx/CVE-2016-3767.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8414.json b/2016/8xxx/CVE-2016-8414.json index 98e6755db06..452abde5fc2 100644 --- a/2016/8xxx/CVE-2016-8414.json +++ b/2016/8xxx/CVE-2016-8414.json 
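Review bot: The `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `"ASSIGNER": "security@android.com"` in a hunk that otherwise only normalises whitespace, so a provenance change is easy to miss in review. The CVE-2016-8414 hunk does the same, moving `security@google.com` to `security@android.com`. Consumers that attribute or filter records by assigning CNA will see these records move. If the reassignment is intended, it would be clearer in its own commit or named in the commit message; if not, the previous value should be kept.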
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96111" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96111" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8809.json b/2016/8xxx/CVE-2016-8809.json index 969dfb4fd7f..c572f968762 100644 --- a/2016/8xxx/CVE-2016-8809.json +++ b/2016/8xxx/CVE-2016-8809.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-8809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, and GeForce (all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Quadro, NVS, and GeForce (all versions)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-8809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, and GeForce (all versions)", + "version": { + "version_data": [ + { + "version_value": "Quadro, NVS, and GeForce (all versions)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40664", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40664/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-10822", - "refsource" : "CONFIRM", - "url" : 
"https://support.lenovo.com/us/en/solutions/LEN-10822" - }, - { - "name" : "93992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40664", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40664/" + }, + { + "name": "93992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93992" + }, + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-10822", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-10822" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8953.json b/2016/8xxx/CVE-2016-8953.json index dca42e187c0..697ca1186b1 100644 --- a/2016/8xxx/CVE-2016-8953.json +++ b/2016/8xxx/CVE-2016-8953.json 
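Review bot: `product_name` and `version_value` under `affects` both hold the same free-text string, `Quadro, NVS, and GeForce (all versions)`, and `vendor_name` is `n/a`, so this record cannot be matched by vendor, product or version. The description does name the affected driver branches (R340 before 342.00 and R375 before 375.63), and the reformat carries the unstructured values over unchanged. Moving the vendor into `vendor_name` and giving one `version_value` per branch from the description would make the entry usable for automated matching. `problemtype` also lists only `Denial of Service`, although the description mentions potential escalation of privileges. The CVE-2016-9122 hunk has the same pattern, with `Go JOSE All versions before 1.0.4` in both fields.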
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-10T00:00:00", - "ID" : "CVE-2016-8953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Sourcing", - "version" : { - "version_data" : [ - { - "version_value" : " 9.5" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.0.2" - }, - { - "version_value" : "10.0.4" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-10T00:00:00", + "ID": "CVE-2016-8953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Sourcing", + "version": { + "version_data": [ + { + "version_value": " 9.5" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.0.2" + }, + { + "version_value": "10.0.4" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005549", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005549" - }, - { - "name" : "99545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549" + }, + { + "name": "99545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99545" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9034.json b/2016/9xxx/CVE-2016-9034.json index f2f6e6a210b..03d6ebd903b 100644 --- a/2016/9xxx/CVE-2016-9034.json +++ b/2016/9xxx/CVE-2016-9034.json 
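Review bot: The first `version_data` entry on the new side is still `"version_value": " 9.5"`, with a leading space inside the string. Tools that compare version strings exactly will not match `9.5` against it, so affected 9.5.x installations can be missed in automated lookups; it should read `"version_value": "9.5"`. The `problemtype` value `Gain Access` is also vaguer than the open redirect that the description reports.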
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-9034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartOS", - "version" : { - "version_data" : [ - { - "version_value" : "OS 20161110T013148Z" - } - ] - } - } - ] - }, - "vendor_name" : "Joyent" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-9034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartOS", + "version": { + "version_data": [ + { + "version_value": "OS 20161110T013148Z" + } + ] + } + } + ] + }, + "vendor_name": "Joyent" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0252/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0252/" - }, - { - "name" : "94930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0252/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0252/" + }, + { + "name": "94930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94930" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/9xxx/CVE-2016-9122.json b/2016/9xxx/CVE-2016-9122.json index 3cddb714f7b..2cf401f12ef 100644 --- a/2016/9xxx/CVE-2016-9122.json +++ b/2016/9xxx/CVE-2016-9122.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Go JOSE All versions before 1.0.4", - "version" : { - "version_data" : [ - { - "version_value" : "Go JOSE All versions before 1.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cryptographic Issue" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Go JOSE All versions before 1.0.4", + "version": { + "version_data": [ + { + "version_value": "Go JOSE All versions before 1.0.4" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2016/11/03/1", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/03/1" - }, - { - "name" : "https://github.com/square/go-jose/commit/2c5656adca9909843c4ff50acf1d2cf8f32da7e6", - "refsource" : "MISC", - "url" : "https://github.com/square/go-jose/commit/2c5656adca9909843c4ff50acf1d2cf8f32da7e6" - }, - { - "name" : "https://hackerone.com/reports/169629", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/169629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issue" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/169629", + "refsource": "MISC", + "url": "https://hackerone.com/reports/169629" + }, + { + "name": "https://github.com/square/go-jose/commit/2c5656adca9909843c4ff50acf1d2cf8f32da7e6", + "refsource": "MISC", + "url": "https://github.com/square/go-jose/commit/2c5656adca9909843c4ff50acf1d2cf8f32da7e6" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2016/11/03/1", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2016/11/03/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9185.json b/2016/9xxx/CVE-2016-9185.json index a348b5d91ce..ee6e5ce4e9b 100644 --- a/2016/9xxx/CVE-2016-9185.json +++ b/2016/9xxx/CVE-2016-9185.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ossa/+bug/1606500", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ossa/+bug/1606500" - }, - { - "name" : "RHSA-2017:1450", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1450" - }, - { - "name" : "RHSA-2017:1456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1456" - }, - { - "name" : "RHSA-2017:1464", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1464" - }, - { - "name" : "94205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94205" + }, + { + "name": "RHSA-2017:1464", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1464" + }, + { + "name": "RHSA-2017:1450", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1450" + }, + { + "name": "https://bugs.launchpad.net/ossa/+bug/1606500", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ossa/+bug/1606500" + }, + { + "name": "RHSA-2017:1456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1456" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9730.json b/2016/9xxx/CVE-2016-9730.json index 28f697a274f..0e8e65e512b 100644 --- a/2016/9xxx/CVE-2016-9730.json +++ b/2016/9xxx/CVE-2016-9730.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.1 MR1" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.1 MR2" - }, - { - "version_value" : "7" - }, - { - "version_value" : "7.1 MR2" - }, - { - "version_value" : "7.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.1 MR1" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.1 MR2" + }, + { + "version_value": "7" + }, + { + "version_value": "7.1 MR2" + }, + { + "version_value": "7.2.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999549", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999549", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999549" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2859.json b/2019/2xxx/CVE-2019-2859.json index d9f534ac5a1..0f6cb37294f 100644 --- a/2019/2xxx/CVE-2019-2859.json +++ b/2019/2xxx/CVE-2019-2859.json 
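Review bot: `version_data` lists `"version_value": "7.1 MR2"` twice on the new side; the second entry, after `"7"`, is a duplicate and can be dropped. `product_name` is `QRadar SIEM`, while the description places the issue in IBM QRadar Incident Forensics 7.2, so the affected-product data and the description may not describe the same product; this is worth checking against the IBM bulletin referenced in the record. `problemtype` is `Gain Access`, which does not name the cross-site request forgery the description reports.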
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2859", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2859", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2929.json b/2019/2xxx/CVE-2019-2929.json index f1cdd9e47db..20a7f563539 100644 --- a/2019/2xxx/CVE-2019-2929.json +++ b/2019/2xxx/CVE-2019-2929.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6093.json b/2019/6xxx/CVE-2019-6093.json index 2a46c5d521a..774ab4808b1 100644 --- a/2019/6xxx/CVE-2019-6093.json +++ b/2019/6xxx/CVE-2019-6093.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6093", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6093", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6261.json b/2019/6xxx/CVE-2019-6261.json index 4a4ffcae182..07a64ccf62f 100644 --- a/2019/6xxx/CVE-2019-6261.json +++ b/2019/6xxx/CVE-2019-6261.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6261",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6261",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact",
- "refsource" : "CONFIRM",
- "url" : "https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact"
- },
- {
- "name" : "106638",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106638"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106638",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106638"
+ },
+ {
+ "name": "https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact",
+ "refsource": "CONFIRM",
+ "url": "https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6629.json b/2019/6xxx/CVE-2019-6629.json
index c9c0fad310f..cb0949f9c08 100644
--- a/2019/6xxx/CVE-2019-6629.json
+++ b/2019/6xxx/CVE-2019-6629.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6629",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6629",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6712.json b/2019/6xxx/CVE-2019-6712.json
index 3b8804aa343..660ad681972 100644
--- a/2019/6xxx/CVE-2019-6712.json
+++ b/2019/6xxx/CVE-2019-6712.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6712",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6712",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6926.json b/2019/6xxx/CVE-2019-6926.json
index 4c47ec134fc..0d9d5e39c71 100644
--- a/2019/6xxx/CVE-2019-6926.json
+++ b/2019/6xxx/CVE-2019-6926.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6926",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6926",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7573.json b/2019/7xxx/CVE-2019-7573.json
index eea51fb63ec..d7313946b22 100644
--- a/2019/7xxx/CVE-2019-7573.json
+++ b/2019/7xxx/CVE-2019-7573.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7573",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7573",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
- },
- {
- "name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
- },
- {
- "name" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4491",
- "refsource" : "MISC",
- "url" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
- },
- {
- "name" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
- "refsource" : "MISC",
- "url" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
+ },
+ {
+ "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491",
+ "refsource": "MISC",
+ "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
+ },
+ {
+ "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
+ },
+ {
+ "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
+ "refsource": "MISC",
+ "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
+ }
+ ]
+ }
+}
\ No newline at end of file