diff --git a/2006/5xxx/CVE-2006-5205.json b/2006/5xxx/CVE-2006-5205.json index b227e6963e3..9cae72be980 100644 --- a/2006/5xxx/CVE-2006-5205.json +++ b/2006/5xxx/CVE-2006-5205.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2473", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2473" - }, - { - "name" : "20328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20328" - }, - { - "name" : "22400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22400" - }, - { - "name" : "invisiongallery-index-directory-traversal(29334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2473", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2473" + }, + { + "name": "invisiongallery-index-directory-traversal(29334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29334" + }, + { + "name": "22400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22400" + }, + { + "name": "20328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20328" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5292.json b/2006/5xxx/CVE-2006-5292.json index 03ea6695abd..687ad10b31a 100644 --- a/2006/5xxx/CVE-2006-5292.json +++ b/2006/5xxx/CVE-2006-5292.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2509", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2509" - }, - { - "name" : "20447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20447" - }, - { - "name" : "exhibit-engine-photo-file-include(29424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20447" + }, + { + "name": "exhibit-engine-photo-file-include(29424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29424" + }, + { + "name": "2509", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2509" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5608.json b/2006/5xxx/CVE-2006-5608.json index 96a5c3ae9f6..828ad19de02 100644 --- a/2006/5xxx/CVE-2006-5608.json +++ b/2006/5xxx/CVE-2006-5608.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"parameters from URLs.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/91358", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/91358" - }, - { - "name" : "20759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20759" - }, - { - "name" : "ADV-2006-4218", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4218" - }, - { - "name" : "22566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22566" - }, - { - "name" : "extended-unspecified-sql-injection(29821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"parameters from URLs.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4218", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4218" + }, + { + "name": "extended-unspecified-sql-injection(29821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29821" + }, + { + "name": "22566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22566" + }, + { + "name": "20759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20759" + }, + { + "name": "http://drupal.org/node/91358", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/91358" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5774.json b/2006/5xxx/CVE-2006-5774.json index c0e6aed3af4..fcaf869ad49 100644 --- a/2006/5xxx/CVE-2006-5774.json +++ b/2006/5xxx/CVE-2006-5774.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.h14m.org/dist/", - "refsource" : "MISC", - "url" : "http://www.h14m.org/dist/" - }, - { - "name" : "JVN#88325166", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2388325166/index.html" - }, - { - "name" : "20949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20949" - }, - { - "name" : "ADV-2006-4363", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4363" - }, - { - "name" : "22697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22697" - }, - { - "name" : "hns-unspecified-xss(30040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4363", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4363" + }, + { + "name": "hns-unspecified-xss(30040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30040" + }, + { + "name": "http://www.h14m.org/dist/", + "refsource": "MISC", + "url": "http://www.h14m.org/dist/" + }, + { + "name": "20949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20949" + }, + { + "name": "22697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22697" + }, + { + "name": "JVN#88325166", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2388325166/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5916.json b/2006/5xxx/CVE-2006-5916.json index 7fc558f3890..5c5331f46fc 100644 --- a/2006/5xxx/CVE-2006-5916.json +++ b/2006/5xxx/CVE-2006-5916.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061108 DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0141.html" - }, - { - "name" : "http://www.digitalmunition.com/DMA[2006-1031a].txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA[2006-1031a].txt" - }, - { - "name" : "20983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20983" - }, - { - "name" : "1017202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017202" - }, - { - "name" : "virusbarrier-security-bypass(30127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20983" + }, + { + "name": "http://www.digitalmunition.com/DMA[2006-1031a].txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA[2006-1031a].txt" + }, + { + "name": "1017202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017202" + }, + { + "name": "20061108 DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit'", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0141.html" + }, + { + "name": "virusbarrier-security-bypass(30127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30127" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5964.json b/2006/5xxx/CVE-2006-5964.json index 63aadcfdb2e..da1122f259d 100644 --- a/2006/5xxx/CVE-2006-5964.json +++ b/2006/5xxx/CVE-2006-5964.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-5964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-72/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-72/advisory/" - }, - { - "name" : "22104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22104" - }, - { - "name" : "ADV-2007-0235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0235" - }, - { - "name" : "32865", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32865" - }, - { - "name" : "21458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21458" - }, - { - "name" : "pentazip-choshila-dos(31583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0235" + }, + { + "name": "21458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21458" + }, + { + "name": "http://secunia.com/secunia_research/2006-72/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-72/advisory/" + }, + { + "name": "22104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22104" + }, + { + "name": "32865", + "refsource": "OSVDB", + "url": "http://osvdb.org/32865" + }, + { + "name": "pentazip-choshila-dos(31583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31583" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2087.json b/2007/2xxx/CVE-2007-2087.json index d5cb4c5f761..c71511f48de 100644 --- a/2007/2xxx/CVE-2007-2087.json +++ b/2007/2xxx/CVE-2007-2087.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24902" - }, - { - "name" : "cnstats-bn-file-include(33977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24902" + }, + { + "name": "cnstats-bn-file-include(33977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33977" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2209.json b/2007/2xxx/CVE-2007-2209.json index b29a34b02af..78972662088 100644 --- a/2007/2xxx/CVE-2007-2209.json +++ b/2007/2xxx/CVE-2007-2209.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3779", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3779" - }, - { - "name" : "23604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23604" - }, - { - "name" : "ADV-2007-1506", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1506" - }, - { - "name" : "35308", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35308" - }, - { - "name" : "35386", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35386" - }, - { - "name" : "1017963", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017963" - }, - { - "name" : "25016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25016" - }, - { - "name" : "25050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25050" - }, - { - "name" : "paintshopphoto-clp-bo(33821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1506", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1506" + }, + { + "name": "3779", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3779" + }, + { + "name": "25050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25050" + }, + { + "name": "25016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25016" + }, + { + "name": "1017963", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017963" + }, + { + "name": "23604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23604" + }, + { + "name": "35308", + "refsource": "OSVDB", + "url": "http://osvdb.org/35308" + }, + { + "name": "35386", + "refsource": "OSVDB", + "url": "http://osvdb.org/35386" + }, + { + "name": "paintshopphoto-clp-bo(33821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33821" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2465.json b/2007/2xxx/CVE-2007-2465.json index af72be48bb5..7e06aea017c 100644 --- a/2007/2xxx/CVE-2007-2465.json +++ b/2007/2xxx/CVE-2007-2465.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102900", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102900-1" - }, - { - "name" : "23751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23751" - }, - { - "name" : "ADV-2007-1611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1611" - }, - { - "name" : "34904", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34904" - }, - { - "name" : "oval:org.mitre.oval:def:1085", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1085" - }, - { - "name" : "1017992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017992" - }, - { - "name" : "25081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25081" - }, - { - "name" : "sun-solaris-bsm-dos(34003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-solaris-bsm-dos(34003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34003" + }, + { + "name": "23751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23751" + }, + { + "name": "34904", + "refsource": "OSVDB", + "url": "http://osvdb.org/34904" + }, + { + "name": "25081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25081" + }, + { + "name": "102900", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102900-1" + }, + { + "name": "oval:org.mitre.oval:def:1085", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1085" + }, + { + "name": "ADV-2007-1611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1611" + }, + { + "name": "1017992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017992" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2504.json b/2007/2xxx/CVE-2007-2504.json index eedc2c1b7cf..79aa7558ce2 100644 --- a/2007/2xxx/CVE-2007-2504.json +++ b/2007/2xxx/CVE-2007-2504.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070421 turbolence core 0.0.1 alpha Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466564/100/100/threaded" - }, - { - "name" : "20070422 false: turbolence core 0.0.1 alpha Remote File Inclusion", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-April/001541.html" - }, - { - "name" : "23580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23580" - }, - { - "name" : "2673", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2673" - }, - { - "name" : "phpturbulence-turbulence-file-include(33824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2673", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2673" + }, + { + "name": "20070422 false: turbolence core 0.0.1 alpha Remote File Inclusion", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-April/001541.html" + }, + { + "name": "23580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23580" + }, + { + "name": "phpturbulence-turbulence-file-include(33824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33824" + }, + { + "name": "20070421 turbolence core 0.0.1 alpha Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466564/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2732.json b/2007/2xxx/CVE-2007-2732.json index 99959f610a6..707dc1f71b7 100644 --- a/2007/2xxx/CVE-2007-2732.json +++ b/2007/2xxx/CVE-2007-2732.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070515 Re: Jetbox CMS version 2.1 E-Mail Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468681/100/0/threaded" - }, - { - "name" : "23999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23999" - }, - { - "name" : "ADV-2007-1831", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1831" - }, - { - "name" : "37451", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37451" - }, - { - "name" : "37452", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37452" - }, - { - "name" : "2711", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070515 Re: Jetbox CMS version 2.1 E-Mail Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468681/100/0/threaded" + }, + { + "name": "2711", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2711" + }, + { + "name": "ADV-2007-1831", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1831" + }, + { + "name": "23999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23999" + }, + { + "name": "37451", + "refsource": "OSVDB", + "url": "http://osvdb.org/37451" + }, + { + "name": "37452", + "refsource": "OSVDB", + "url": "http://osvdb.org/37452" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3127.json b/2007/3xxx/CVE-2007-3127.json index a6c8ed645a4..9c0599a1d30 100644 --- a/2007/3xxx/CVE-2007-3127.json +++ b/2007/3xxx/CVE-2007-3127.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a \"';\" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070617 WSPortal version 1.0 Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471619/100/0/threaded" - }, - { - "name" : "20070617 WSPortal version 1.0 Path Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html" - }, - { - "name" : "http://www.netvigilance.com/advisory0032", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0032" - }, - { - "name" : "ADV-2007-2237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2237" - }, - { - "name" : "34164", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34164" - }, - { - "name" : "wsportal-content-path-disclosure(34894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a \"';\" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34164", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34164" + }, + { + "name": "http://www.netvigilance.com/advisory0032", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0032" + }, + { + "name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471619/100/0/threaded" + }, + { + "name": "wsportal-content-path-disclosure(34894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34894" + }, + { + "name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html" + }, + { + "name": "ADV-2007-2237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2237" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6067.json b/2007/6xxx/CVE-2007-6067.json index b34fbea8927..b00a43d7395 100644 --- a/2007/6xxx/CVE-2007-6067.json +++ b/2007/6xxx/CVE-2007-6067.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080107 PostgreSQL 2007-01-07 Cumulative Security Release", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485864/100/0/threaded" - }, - { - "name" : "20080115 rPSA-2008-0016-1 postgresql postgresql-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486407/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894" - }, - { - "name" : "http://www.postgresql.org/about/news.905", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news.905" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1768", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1768" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-1460", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1460" - }, - { - "name" : "DSA-1463", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1463" - }, - { - "name" : "FEDORA-2008-0478", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html" - }, - { - "name" : "FEDORA-2008-0552", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html" - }, - { - "name" : "GLSA-200801-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-15.xml" - }, - { - "name" : "HPSBTU02325", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154" - }, - { - "name" : "SSRT080006", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154" - }, - { - "name" : "MDVSA-2008:004", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004" - }, - { - "name" : "RHSA-2008:0038", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0038.html" - }, - { - "name" : "RHSA-2008:0040", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0040.html" - }, - { - "name" : "RHSA-2013:0122", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0122.html" - }, - { - "name" : "103197", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1" - }, - { - "name" : "200559", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1" - }, - { - "name" : "SUSE-SA:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html" - }, - { - "name" : "USN-568-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/568-1/" - }, - { - "name" : "27163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27163" - }, - { - "name" : "oval:org.mitre.oval:def:10235", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235" - }, - { - "name" : "ADV-2008-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0061" - }, - { - "name" : "ADV-2008-0109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0109" - }, - { - "name" : "ADV-2008-1071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1071/references" - }, - { - "name" : "1019157", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019157" - }, - { - "name" : "28359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28359" - }, - { - "name" : "28376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28376" - }, - { - "name" : "28438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28438" - }, - { - "name" : "28437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28437" - }, - { - "name" : "28454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28454" - }, - { - "name" : "28464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28464" - }, - { - "name" : "28477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28477" - }, - { - "name" : "28479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28479" - }, - { - "name" : "28455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28455" - }, - { - "name" : "28679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28679" - }, - { - "name" : "28698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28698" - }, - { - "name" : "29638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29638" - }, - { - "name" : "postgresql-complex-expression-dos(39498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2008:004", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004" + }, + { + "name": "DSA-1460", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1460" + }, + { + "name": "RHSA-2013:0122", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0122.html" + }, + { + "name": "27163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27163" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1768", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1768" + }, + { + "name": "RHSA-2008:0038", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html" + }, + { + "name": "postgresql-complex-expression-dos(39498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39498" + }, + { + "name": "28454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28454" + }, + { + "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:10235", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235" + }, + { + "name": "28359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28359" + }, + { + "name": "http://www.postgresql.org/about/news.905", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news.905" + }, + { + "name": "SUSE-SA:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html" + }, + { + "name": "ADV-2008-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0061" + }, + { + "name": "28679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28679" + }, + { + "name": "ADV-2008-0109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0109" + }, + { + "name": "28376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28376" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894" + }, + { + "name": "103197", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1" + }, + { + "name": "28437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28437" + }, + { + "name": "28455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28455" + }, + { + "name": "28477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28477" + }, + { + "name": "29638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29638" + }, + { + "name": "28479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28479" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894" + }, + { + "name": "DSA-1463", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1463" + }, + { + "name": "RHSA-2008:0040", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html" + }, + { + "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded" + }, + { + "name": "28464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28464" + }, + { + "name": "28698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28698" + }, + { + "name": "SSRT080006", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154" + }, + { + "name": "200559", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1" + }, + { + "name": "USN-568-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/568-1/" + }, + { + "name": "FEDORA-2008-0552", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html" + }, + { + "name": "28438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28438" + }, + { + "name": "1019157", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019157" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "FEDORA-2008-0478", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html" + }, + { + "name": "HPSBTU02325", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154" + }, + { + "name": "GLSA-200801-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml" + }, + { + "name": "ADV-2008-1071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1071/references" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6297.json b/2007/6xxx/CVE-2007-6297.json index 2b02cdf8441..16c832ab16a 100644 --- a/2007/6xxx/CVE-2007-6297.json +++ b/2007/6xxx/CVE-2007-6297.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071204 RFI and Multiple XSS in PhpMyChat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484575/100/0/threaded" - }, - { - "name" : "26698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26698" - }, - { - "name" : "3426", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071204 RFI and Multiple XSS in PhpMyChat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484575/100/0/threaded" + }, + { + "name": "26698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26698" + }, + { + "name": "3426", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3426" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6348.json b/2007/6xxx/CVE-2007-6348.json index 6c8454e5729..bf240324a0a 100644 --- a/2007/6xxx/CVE-2007-6348.json +++ b/2007/6xxx/CVE-2007-6348.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071214 ANNOUNCE: SquirrelMail 1.4.13 Released", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119765643909825&w=2" - }, - { - "name" : "20071213 SECURITY: 1.4.12 Package Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485037/100/0/threaded" - }, - { - "name" : "[squirrelmail-devel] 20071213 [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=squirrelmail-devel&m=119756462212214&w=2" - }, - { - "name" : "[squirrelmail-devel] 20071214 Re: [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2" - }, - { - "name" : "http://www.squirrelmail.org/index.php", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/index.php" - }, - { - "name" : "42633", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42633" - }, - { - "name" : "28095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[squirrelmail-devel] 20071214 Re: [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", + "refsource": "MLIST", + "url": "http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2" + }, + { + "name": "20071213 SECURITY: 1.4.12 Package Compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485037/100/0/threaded" + }, + { + "name": "20071214 ANNOUNCE: SquirrelMail 1.4.13 Released", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119765643909825&w=2" + }, + { + "name": "28095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28095" + }, + { + "name": "http://www.squirrelmail.org/index.php", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/index.php" + }, + { + "name": "[squirrelmail-devel] 20071213 [SM-DEVEL] SECURITY: 1.4.12 Package Compromise", + "refsource": "MLIST", + "url": "http://marc.info/?l=squirrelmail-devel&m=119756462212214&w=2" + }, + { + "name": "42633", + "refsource": "OSVDB", + "url": "http://osvdb.org/42633" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0104.json b/2010/0xxx/CVE-2010-0104.json index 3ee284f4593..0305b672fc1 100644 --- a/2010/0xxx/CVE-2010-0104.json +++ b/2010/0xxx/CVE-2010-0104.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-0104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02511", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471" - }, - { - "name" : "SSRT100022", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471" - }, - { - "name" : "VU#512705", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/512705" - }, - { - "name" : "38759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38759" - }, - { - "name" : "1023710", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023710" - }, - { - "name" : "39003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39003" - }, - { - "name" : "ADV-2010-0631", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#512705", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/512705" + }, + { + "name": "1023710", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023710" + }, + { + "name": "ADV-2010-0631", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0631" + }, + { + "name": "38759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38759" + }, + { + "name": "HPSBGN02511", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471" + }, + { + "name": "39003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39003" + }, + { + "name": "SSRT100022", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0125.json b/2010/0xxx/CVE-2010-0125.json index c85f325182e..c190601033b 100644 --- a/2010/0xxx/CVE-2010-0125.json +++ b/2010/0xxx/CVE-2010-0125.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/12102010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/12102010_player/en/" - }, - { - "name" : "1024861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024861" + }, + { + "name": "http://service.real.com/realplayer/security/12102010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/12102010_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0189.json b/2010/0xxx/CVE-2010-0189.json index 6965171215b..e627dc6188e 100644 --- a/2010/0xxx/CVE-2010-0189.json +++ b/2010/0xxx/CVE-2010-0189.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856" - }, - { - "name" : "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx", - "refsource" : "MISC", - "url" : "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx" - }, - { - "name" : "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html", - "refsource" : "MISC", - "url" : "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=5505", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=5505" - }, - { - "name" : "http://www.akitasecurity.nl/advisory.php?id=AK20090401", - "refsource" : "MISC", - "url" : "http://www.akitasecurity.nl/advisory.php?id=AK20090401" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-08.html" - }, - { - "name" : "38313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38313" - }, - { - "name" : "62547", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62547" - }, - { - "name" : "oval:org.mitre.oval:def:7182", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182" - }, - { - "name" : "1023651", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023651" - }, - { - "name" : "38729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38729" - }, - { - "name" : "ADV-2010-0459", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0459" - }, - { - "name" : "adobe-dlmanager-unspecified-file-download(56370)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-08.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html" + }, + { + "name": "1023651", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023651" + }, + { + "name": "38313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38313" + }, + { + "name": "ADV-2010-0459", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0459" + }, + { + "name": "http://blogs.zdnet.com/security/?p=5505", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=5505" + }, + { + "name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856" + }, + { + "name": "http://www.akitasecurity.nl/advisory.php?id=AK20090401", + "refsource": "MISC", + "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401" + }, + { + "name": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx", + "refsource": "MISC", + "url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx" + }, + { + "name": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html", + "refsource": "MISC", + "url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html" + }, + { + "name": "38729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38729" + }, + { + "name": "oval:org.mitre.oval:def:7182", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182" + }, + { + "name": "62547", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62547" + }, + { + "name": "adobe-dlmanager-unspecified-file-download(56370)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0300.json b/2010/0xxx/CVE-2010-0300.json index 01cd60d6f45..b09f1965310 100644 --- a/2010/0xxx/CVE-2010-0300.json +++ b/2010/0xxx/CVE-2010-0300.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ircd-ratbox] 20100125 ircd-ratbox-2.2.9 released", - "refsource" : "MLIST", - "url" : "http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html" - }, - { - "name" : "http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz", - "refsource" : "CONFIRM", - "url" : "http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz" - }, - { - "name" : "DSA-1980", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1980" - }, - { - "name" : "38210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38210" - }, - { - "name" : "38383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[ircd-ratbox] 20100125 ircd-ratbox-2.2.9 released", + "refsource": "MLIST", + "url": "http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html" + }, + { + "name": "DSA-1980", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1980" + }, + { + "name": "38383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38383" + }, + { + "name": "http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz" + }, + { + "name": "38210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38210" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0634.json b/2010/0xxx/CVE-2010-0634.json index d3e5e1ae4fa..1546c3bcfc9 100644 --- a/2010/0xxx/CVE-2010-0634.json +++ b/2010/0xxx/CVE-2010-0634.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/flex/releases/311661", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/flex/releases/311661" - }, - { - "name" : "62029", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freshmeat.net/projects/flex/releases/311661", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/flex/releases/311661" + }, + { + "name": "62029", + "refsource": "OSVDB", + "url": "http://osvdb.org/62029" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1387.json b/2010/1xxx/CVE-2010-1387.json index 9ca0310c7c5..7b1710c015e 100644 --- a/2010/1xxx/CVE-2010-1387.json +++ b/2010/1xxx/CVE-2010-1387.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "41016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41016" - }, - { - "name" : "oval:org.mitre.oval:def:7061", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061" - }, - { - "name" : "1024108", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024108" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - }, - { - "name" : "itunes-webkit-unspecified-var1(59506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "itunes-webkit-unspecified-var1(59506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59506" + }, + { + "name": "oval:org.mitre.oval:def:7061", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "41016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41016" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "1024108", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024108" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1879.json b/2010/1xxx/CVE-2010-1879.json index b97be7c234d..2f5a8053611 100644 --- a/2010/1xxx/CVE-2010-1879.json +++ b/2010/1xxx/CVE-2010-1879.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-033", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "oval:org.mitre.oval:def:7517", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7517", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517" + }, + { + "name": "MS10-033", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5041.json b/2010/5xxx/CVE-2010-5041.json index cde7d994943..e88d8fd1094 100644 --- a/2010/5xxx/CVE-2010-5041.json +++ b/2010/5xxx/CVE-2010-5041.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12787", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12787/" - }, - { - "name" : "40448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40448" - }, - { - "name" : "65005", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65005" - }, - { - "name" : "40022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40022" - }, - { - "name" : "ADV-2010-1285", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1285" - }, - { - "name" : "npgalleryplugin-nucleus-sql-injection(58997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1285", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1285" + }, + { + "name": "12787", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12787/" + }, + { + "name": "40022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40022" + }, + { + "name": "40448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40448" + }, + { + "name": "65005", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65005" + }, + { + "name": "npgalleryplugin-nucleus-sql-injection(58997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58997" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0421.json b/2014/0xxx/CVE-2014-0421.json index fe8db022ddd..fd73b585fa2 100644 --- a/2014/0xxx/CVE-2014-0421.json +++ b/2014/0xxx/CVE-2014-0421.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0527.json b/2014/0xxx/CVE-2014-0527.json index 52cb738c813..0c09f6347a0 100644 --- a/2014/0xxx/CVE-2014-0527.json +++ b/2014/0xxx/CVE-2014-0527.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-15.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-15.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0553.json b/2014/0xxx/CVE-2014-0553.json index d146678f819..e8fb5f0cba1 100644 --- a/2014/0xxx/CVE-2014-0553.json +++ b/2014/0xxx/CVE-2014-0553.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html" - }, - { - "name" : "GLSA-201409-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-05.xml" - }, - { - "name" : "SUSE-SU-2014:1124", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html" - }, - { - "name" : "openSUSE-SU-2014:1110", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html" - }, - { - "name" : "openSUSE-SU-2014:1130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html" - }, - { - "name" : "69707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69707" - }, - { - "name" : "1030822", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030822" - }, - { - "name" : "61089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61089" - }, - { - "name" : "adobe-flash-cve20140553-code-exec(95823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69707" + }, + { + "name": "GLSA-201409-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-05.xml" + }, + { + "name": "61089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61089" + }, + { + "name": "openSUSE-SU-2014:1130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html" + }, + { + "name": "adobe-flash-cve20140553-code-exec(95823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95823" + }, + { + "name": "openSUSE-SU-2014:1110", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html" + }, + { + "name": "SUSE-SU-2014:1124", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html" + }, + { + "name": "1030822", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030822" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0639.json b/2014/0xxx/CVE-2014-0639.json index b2e1226ad04..5ab48c1307b 100644 --- a/2014/0xxx/CVE-2014-0639.json +++ b/2014/0xxx/CVE-2014-0639.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140523 ESA-2014-021: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html" - }, - { - "name" : "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html" - }, - { - "name" : "67602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67602" - }, - { - "name" : "1030281", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030281", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030281" + }, + { + "name": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126788/RSA-Archer-GRC-Cross-Site-Scripting.html" + }, + { + "name": "20140523 ESA-2014-021: RSA Archer GRC Multiple Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0134.html" + }, + { + "name": "67602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67602" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1341.json b/2014/1xxx/CVE-2014-1341.json index d7758c635b9..7a7f5008488 100644 --- a/2014/1xxx/CVE-2014-1341.json +++ b/2014/1xxx/CVE-2014-1341.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6254", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6254" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-05-21-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "67553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "http://support.apple.com/kb/HT6254", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6254" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "67553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67553" + }, + { + "name": "APPLE-SA-2014-05-21-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1738.json b/2014/1xxx/CVE-2014-1738.json index e3fb5725143..60fbcec9ec1 100644 --- a/2014/1xxx/CVE-2014-1738.json +++ b/2014/1xxx/CVE-2014-1738.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/09/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1094299", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1094299" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0771.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0771.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3043.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3043.html" - }, - { - "name" : "DSA-2926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2926" - }, - { - "name" : "DSA-2928", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2928" - }, - { - "name" : "RHSA-2014:0800", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0800.html" - }, - { - "name" : "RHSA-2014:0801", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0801.html" - }, - { - "name" : "SUSE-SU-2014:0667", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html" - }, - { - "name" : "SUSE-SU-2014:0683", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html" - }, - { - "name" : "67302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67302" - }, - { - "name" : "1030474", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030474" - }, - { - "name" : "59309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59309" - }, - { - "name" : "59599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59599" - }, - { - "name" : "59262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59262" - }, - { - "name" : "59406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:0683", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html" + }, + { + "name": "67302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67302" + }, + { + "name": "59262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59262" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f" + }, + { + "name": "59309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59309" + }, + { + "name": "59406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59406" + }, + { + "name": "DSA-2928", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2928" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" + }, + { + "name": "RHSA-2014:0800", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html" + }, + { + "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2" + }, + { + "name": "59599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59599" + }, + { + "name": "DSA-2926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2926" + }, + { + "name": "SUSE-SU-2014:0667", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f" + }, + { + "name": "1030474", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030474" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3043.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html" + }, + { + "name": "RHSA-2014:0801", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4064.json b/2014/4xxx/CVE-2014-4064.json index 739cf342ab0..f5c7253f6ce 100644 --- a/2014/4xxx/CVE-2014-4064.json +++ b/2014/4xxx/CVE-2014-4064.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka \"Windows Kernel Pool Allocation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-045" - }, - { - "name" : "69144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69144" - }, - { - "name" : "60673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka \"Windows Kernel Pool Allocation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69144" + }, + { + "name": "60673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60673" + }, + { + "name": "MS14-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-045" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4207.json b/2014/4xxx/CVE-2014-4207.json index 7246a89e8fc..f3400b8cd8f 100644 --- a/2014/4xxx/CVE-2014-4207.json +++ b/2014/4xxx/CVE-2014-4207.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-2985", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2985" - }, - { - "name" : "SUSE-SU-2014:1072", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "68593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68593" - }, - { - "name" : "1030578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030578" - }, - { - "name" : "60425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60425" - }, - { - "name" : "oracle-cpujul2014-cve20144207(94624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "1030578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030578" + }, + { + "name": "SUSE-SU-2014:1072", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "DSA-2985", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2985" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "68593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68593" + }, + { + "name": "oracle-cpujul2014-cve20144207(94624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94624" + }, + { + "name": "60425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60425" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4277.json b/2014/4xxx/CVE-2014-4277.json index 66cbca083b6..4d44d471443 100644 --- a/2014/4xxx/CVE-2014-4277.json +++ b/2014/4xxx/CVE-2014-4277.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70539" - }, - { - "name" : "1031032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031032" - }, - { - "name" : "61593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70539" + }, + { + "name": "1031032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031032" + }, + { + "name": "61593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61593" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4585.json b/2014/4xxx/CVE-2014-4585.json index 18cbf091ac7..36c97e21bc3 100644 --- a/2014/4xxx/CVE-2014-4585.json +++ b/2014/4xxx/CVE-2014-4585.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-facethumb-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-facethumb-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wp-facethumb-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wp-facethumb-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4586.json b/2014/4xxx/CVE-2014-4586.json index dc6bbaf36fe..cc1c6682eda 100644 --- a/2014/4xxx/CVE-2014-4586.json +++ b/2014/4xxx/CVE-2014-4586.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an \"action\" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an \"action\" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4610.json b/2014/4xxx/CVE-2014-4610.json index 133802d8895..77a7c431726 100644 --- a/2014/4xxx/CVE-2014-4610.json +++ b/2014/4xxx/CVE-2014-4610.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4610", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4610", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5466.json b/2014/5xxx/CVE-2014-5466.json index d5967133fc5..a296e409da4 100644 --- a/2014/5xxx/CVE-2014-5466.json +++ b/2014/5xxx/CVE-2014-5466.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAANST", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAANST" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAANST", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAANST" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10136.json b/2016/10xxx/CVE-2016-10136.json index 801aa429f59..eb720d76b39 100644 --- a/2016/10xxx/CVE-2016-10136.json +++ b/2016/10xxx/CVE-2016-10136.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete files owned by the system user. The third-party app can modify the /data/system/users/0/settings_secure.xml file to add an app as a notification listener to be able to receive the text of notifications as they are received on the device. This also allows the /data/system/users/0/accounts.db to be read which contains authentication tokens for various accounts on the device. The third-party app can obtain privileged information and also modify files to obtain more privileges on the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/adups_security_analysis.html", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/adups_security_analysis.html" - }, - { - "name" : "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", - "refsource" : "MISC", - "url" : "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" - }, - { - "name" : "96854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete files owned by the system user. The third-party app can modify the /data/system/users/0/settings_secure.xml file to add an app as a notification listener to be able to receive the text of notifications as they are received on the device. This also allows the /data/system/users/0/accounts.db to be read which contains authentication tokens for various accounts on the device. The third-party app can obtain privileged information and also modify files to obtain more privileges on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/adups_security_analysis.html", + "refsource": "MISC", + "url": "https://www.kryptowire.com/adups_security_analysis.html" + }, + { + "name": "96854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96854" + }, + { + "name": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", + "refsource": "MISC", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10649.json b/2016/10xxx/CVE-2016-10649.json index a31f44ba67e..3b64d2ec0c0 100644 --- a/2016/10xxx/CVE-2016-10649.json +++ b/2016/10xxx/CVE-2016-10649.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "frames-compiler node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "frames-compiler node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/247", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/247", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/247" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3685.json b/2016/3xxx/CVE-2016-3685.json index b4d3938ed73..c6fa00e0789 100644 --- a/2016/3xxx/CVE-2016-3685.json +++ b/2016/3xxx/CVE-2016-3685.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160309 [CORE-2016-0004] - SAP Download Manager Password Weak Encryption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537746/100/0/threaded" - }, - { - "name" : "20160309 [CORE-2016-0004] - SAP Download Manager Password Weak Encryption", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Mar/20" - }, - { - "name" : "http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html" - }, - { - "name" : "http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160309 [CORE-2016-0004] - SAP Download Manager Password Weak Encryption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537746/100/0/threaded" + }, + { + "name": "http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption" + }, + { + "name": "http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html" + }, + { + "name": "20160309 [CORE-2016-0004] - SAP Download Manager Password Weak Encryption", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Mar/20" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7975.json b/2016/7xxx/CVE-2016-7975.json index e416bd4b43a..7468d629920 100644 --- a/2016/7xxx/CVE-2016-7975.json +++ b/2016/7xxx/CVE-2016-7975.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8042.json b/2016/8xxx/CVE-2016-8042.json index 717d3fcd927..aa04c1b15ec 100644 --- a/2016/8xxx/CVE-2016-8042.json +++ b/2016/8xxx/CVE-2016-8042.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8042", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8042", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8172.json b/2016/8xxx/CVE-2016-8172.json index cb82ccb3b2e..1c501bbda1e 100644 --- a/2016/8xxx/CVE-2016-8172.json +++ b/2016/8xxx/CVE-2016-8172.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8172", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8172", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8245.json b/2016/8xxx/CVE-2016-8245.json index 1c558f8de2f..741fa95a8ce 100644 --- a/2016/8xxx/CVE-2016-8245.json +++ b/2016/8xxx/CVE-2016-8245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8245", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8245", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8293.json b/2016/8xxx/CVE-2016-8293.json index 6e52d14feff..7bd0216a787 100644 --- a/2016/8xxx/CVE-2016-8293.json +++ b/2016/8xxx/CVE-2016-8293.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93726" - }, - { - "name" : "1037046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "93726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93726" + }, + { + "name": "1037046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037046" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8755.json b/2016/8xxx/CVE-2016-8755.json index 934a2ee3823..f669df9079c 100644 --- a/2016/8xxx/CVE-2016-8755.json +++ b/2016/8xxx/CVE-2016-8755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8755", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8755", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9252.json b/2016/9xxx/CVE-2016-9252.json index 3542fdea70c..ab2ac3d3e49 100644 --- a/2016/9xxx/CVE-2016-9252.json +++ b/2016/9xxx/CVE-2016-9252.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-9252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "TMM data-plane" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-9252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe", + "version": { + "version_data": [ + { + "version_value": "10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K46535047", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K46535047" - }, - { - "name" : "1038132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TMM data-plane" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K46535047", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K46535047" + }, + { + "name": "1038132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038132" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9391.json b/2016/9xxx/CVE-2016-9391.json index 1fbe29c833f..e747d503b58 100644 --- a/2016/9xxx/CVE-2016-9391.json +++ b/2016/9xxx/CVE-2016-9391.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161117 Re: jasper: multiple assertion failures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/17/1" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396967", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396967" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "USN-3693-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3693-1/" - }, - { - "name" : "94371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1396967", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396967" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "[oss-security] 20161117 Re: jasper: multiple assertion failures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/17/1" + }, + { + "name": "USN-3693-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3693-1/" + }, + { + "name": "https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b" + }, + { + "name": "94371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94371" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9798.json b/2016/9xxx/CVE-2016-9798.json index 937120736de..a0de971d698 100644 --- a/2016/9xxx/CVE-2016-9798.json +++ b/2016/9xxx/CVE-2016-9798.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BlueZ 5.42, a use-after-free was identified in \"conf_opt\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", - "refsource" : "MISC", - "url" : "https://www.spinics.net/lists/linux-bluetooth/msg68892.html" - }, - { - "name" : "94652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BlueZ 5.42, a use-after-free was identified in \"conf_opt\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", + "refsource": "MISC", + "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html" + }, + { + "name": "94652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94652" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9877.json b/2016/9xxx/CVE-2016-9877.json index c99ad0be818..5f9613625a2 100644 --- a/2016/9xxx/CVE-2016-9877.json +++ b/2016/9xxx/CVE-2016-9877.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-9877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7", - "version" : { - "version_data" : [ - { - "version_value" : "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "RabbitMQ authentication vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-9877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7", + "version": { + "version_data": [ + { + "version_value": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2016-9877", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2016-9877" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us" - }, - { - "name" : "DSA-3761", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3761" - }, - { - "name" : "95065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RabbitMQ authentication vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us" + }, + { + "name": "95065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95065" + }, + { + "name": "https://pivotal.io/security/cve-2016-9877", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2016-9877" + }, + { + "name": "DSA-3761", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3761" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2032.json b/2019/2xxx/CVE-2019-2032.json index 2d3bcd0a6ce..912134e6df9 100644 --- a/2019/2xxx/CVE-2019-2032.json +++ b/2019/2xxx/CVE-2019-2032.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2032", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2032", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2077.json b/2019/2xxx/CVE-2019-2077.json index b7b12c4f634..118ff3846b1 100644 --- a/2019/2xxx/CVE-2019-2077.json +++ b/2019/2xxx/CVE-2019-2077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2379.json b/2019/2xxx/CVE-2019-2379.json index fa6524ce4b0..e851eb42ed8 100644 --- a/2019/2xxx/CVE-2019-2379.json +++ b/2019/2xxx/CVE-2019-2379.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2379", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2379", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2624.json b/2019/2xxx/CVE-2019-2624.json index 8569b979f53..10f58d7cb19 100644 --- a/2019/2xxx/CVE-2019-2624.json +++ b/2019/2xxx/CVE-2019-2624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2913.json b/2019/2xxx/CVE-2019-2913.json index f027de4326c..ac80dd2d724 100644 --- a/2019/2xxx/CVE-2019-2913.json +++ b/2019/2xxx/CVE-2019-2913.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2913", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2913", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6841.json b/2019/6xxx/CVE-2019-6841.json index 9de65d3f1cf..872ceaad721 100644 --- a/2019/6xxx/CVE-2019-6841.json +++ b/2019/6xxx/CVE-2019-6841.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6841", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6841", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file