From 6e3d5644bb5a5a4d51192eca949479bd004a1b88 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 22:55:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0200.json | 210 +++++++++++----------
 2006/0xxx/CVE-2006-0550.json | 170 +++++++++---------
 2006/0xxx/CVE-2006-0895.json | 170 +++++++++---------
 2006/1xxx/CVE-2006-1906.json | 170 +++++++++---------
 2006/4xxx/CVE-2006-4093.json | 340 +++++++++++++++++------------------
 2006/4xxx/CVE-2006-4412.json | 210 +++++++++++----------
 2006/4xxx/CVE-2006-4738.json | 150 ++++++++--------
 2006/5xxx/CVE-2006-5958.json | 170 +++++++++---------
 2010/2xxx/CVE-2010-2315.json | 140 +++++++--------
 2010/2xxx/CVE-2010-2322.json | 230 ++++++++++++------------
 2010/2xxx/CVE-2010-2625.json | 150 ++++++++--------
 2010/2xxx/CVE-2010-2645.json | 140 +++++++--------
 2010/2xxx/CVE-2010-2778.json | 140 +++++++--------
 2010/3xxx/CVE-2010-3131.json | 230 ++++++++++++------------
 2010/3xxx/CVE-2010-3246.json | 140 +++++++--------
 2010/3xxx/CVE-2010-3583.json | 140 +++++++--------
 2010/3xxx/CVE-2010-3713.json | 150 ++++++++--------
 2010/4xxx/CVE-2010-4859.json | 140 +++++++--------
 2010/4xxx/CVE-2010-4860.json | 150 ++++++++--------
 2010/4xxx/CVE-2010-4981.json | 160 ++++++++---------
 2011/1xxx/CVE-2011-1225.json | 210 +++++++++++----------
 2014/3xxx/CVE-2014-3044.json | 34 ++--
 2014/3xxx/CVE-2014-3401.json | 34 ++--
 2014/3xxx/CVE-2014-3436.json | 150 ++++++++--------
 2014/3xxx/CVE-2014-3558.json | 190 ++++++++++----------
 2014/4xxx/CVE-2014-4554.json | 140 +++++++--------
 2014/7xxx/CVE-2014-7252.json | 150 ++++++++--------
 2014/8xxx/CVE-2014-8007.json | 130 +++++++-------
 2014/8xxx/CVE-2014-8476.json | 150 ++++++++--------
 2014/8xxx/CVE-2014-8869.json | 160 ++++++++---------
 2014/8xxx/CVE-2014-8914.json | 170 +++++++++---------
 2014/8xxx/CVE-2014-8919.json | 34 ++--
 2014/8xxx/CVE-2014-8946.json | 34 ++--
 2014/9xxx/CVE-2014-9422.json | 250 +++++++++++++-------------
 2014/9xxx/CVE-2014-9656.json | 240 ++++++++++++-------------
 2014/9xxx/CVE-2014-9743.json | 150 ++++++++--------
 2014/9xxx/CVE-2014-9758.json | 130 +++++++-------
 2014/9xxx/CVE-2014-9937.json | 140 +++++++--------
 2016/2xxx/CVE-2016-2248.json | 34 ++--
 2016/2xxx/CVE-2016-2619.json | 34 ++--
 2016/2xxx/CVE-2016-2695.json | 34 ++--
 2016/6xxx/CVE-2016-6294.json | 230 ++++++++++++------------
 2016/6xxx/CVE-2016-6505.json | 190 ++++++++++----------
 2016/6xxx/CVE-2016-6711.json | 140 +++++++--------
 2016/7xxx/CVE-2016-7619.json | 160 ++++++++---------
 2016/7xxx/CVE-2016-7679.json | 34 ++--
 2017/5xxx/CVE-2017-5534.json | 214 +++++++++++-----------
 47 files changed, 3533 insertions(+), 3533 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0200.json b/2006/0xxx/CVE-2006-0200.json
index eefc6de8e98..454a7dbc8df 100644
--- a/2006/0xxx/CVE-2006-0200.json
+++ b/2006/0xxx/CVE-2006-0200.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 Advisory 02/2006: PHP ext/mysqli Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421705/100/0/threaded" - }, - { - "name" : "http://www.hardened-php.net/advisory_022006.113.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_022006.113.html" - }, - { - "name" : "http://www.php.net/release_5_1_2.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_2.php" - }, - { - "name" : "16219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16219" - }, - { - "name" : "ADV-2006-0177", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0177" - }, - { - 
"name" : "ADV-2006-0369", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0369" - }, - { - "name" : "1015485", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015485" - }, - { - "name" : "18431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18431" - }, - { - "name" : "337", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/337" - }, - { - "name" : "php-extmysqli-format-string(24095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015485", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015485" + }, + { + "name": "18431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18431" + }, + { + "name": "ADV-2006-0369", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0369" + }, + { + "name": "ADV-2006-0177", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0177" + }, + { + "name": "20060112 Advisory 02/2006: PHP ext/mysqli Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421705/100/0/threaded" + }, + { + "name": "php-extmysqli-format-string(24095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24095" + }, + { + "name": 
"http://www.hardened-php.net/advisory_022006.113.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_022006.113.html" + }, + { + "name": "337", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/337" + }, + { + "name": "16219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16219" + }, + { + "name": "http://www.php.net/release_5_1_2.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_2.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0550.json b/2006/0xxx/CVE-2006-0550.json index c1597de214f..bd213587dbf 100644 --- a/2006/0xxx/CVE-2006-0550.json +++ b/2006/0xxx/CVE-2006-0550.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DBC02 from the January 2006 CPU, in which case this would be a duplicate of CVE-2006-0283. However, there are enough inconsistencies that the mapping can not be made authoritatively." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html", - "refsource" : "MISC", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" - }, - { - "name" : "TA06-018A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" - }, - { - "name" : "VU#999268", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/999268" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. 
It is possible that this is the same issue as Oracle Vuln# DBC02 from the January 2006 CPU, in which case this would be a duplicate of CVE-2006-0283. However, there are enough inconsistencies that the mapping can not be made authoritatively." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" + }, + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" + }, + { + "name": "VU#999268", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/999268" + }, + { + "name": "TA06-018A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html", + "refsource": "MISC", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0895.json b/2006/0xxx/CVE-2006-0895.json index c6b9f1a426e..1442512de74 100644 --- a/2006/0xxx/CVE-2006-0895.json +++ b/2006/0xxx/CVE-2006-0895.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060223 NOCC Webmail <= 1.0 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html" - }, - { - "name" : "http://retrogod.altervista.org/noccw_10_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/noccw_10_incl_xpl.html" - }, - { - "name" : "16793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16793" - }, - { - "name" : "1015671", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015671" - }, - { - "name" : "16921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16921" - }, - { - "name" : "478", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/478" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "478", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/478" + }, + { + "name": "1015671", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015671" + }, + { + "name": "20060223 NOCC Webmail <= 1.0 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html" + }, + { + "name": "16921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16921" + }, + { + "name": "http://retrogod.altervista.org/noccw_10_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/noccw_10_incl_xpl.html" + }, + { + "name": "16793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16793" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1906.json b/2006/1xxx/CVE-2006-1906.json index 579dc62c581..86ebb1ded55 100644 --- a/2006/1xxx/CVE-2006-1906.json +++ b/2006/1xxx/CVE-2006-1906.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060418 phpLister v. 
0.4.1 XSS Attacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431308/100/0/threaded" - }, - { - "name" : "http://advisory.patriotichackers.com/index.php?itemid=3", - "refsource" : "MISC", - "url" : "http://advisory.patriotichackers.com/index.php?itemid=3" - }, - { - "name" : "17591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17591" - }, - { - "name" : "735", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/735" - }, - { - "name" : "770", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/770" - }, - { - "name" : "phplister-index-xss(25910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060418 phpLister v. 
0.4.1 XSS Attacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431308/100/0/threaded" + }, + { + "name": "17591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17591" + }, + { + "name": "http://advisory.patriotichackers.com/index.php?itemid=3", + "refsource": "MISC", + "url": "http://advisory.patriotichackers.com/index.php?itemid=3" + }, + { + "name": "770", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/770" + }, + { + "name": "phplister-index-xss(25910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25910" + }, + { + "name": "735", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/735" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4093.json b/2006/4xxx/CVE-2006-4093.json index 8a3497e83a9..e58191b612b 100644 --- a/2006/4xxx/CVE-2006-4093.json +++ b/2006/4xxx/CVE-2006-4093.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the \"HID0 attention enable on PPC970 at boot time.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.1", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.1" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.9", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.9" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-611", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-611" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" - }, - { - "name" : "DSA-1184", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1184" - }, - { - "name" : "DSA-1237", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1237" - }, - { - "name" : "RHSA-2006:0689", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html" - }, - { - "name" : "SUSE-SR:2006:021", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_21_sr.html" - }, - { - "name" : "SUSE-SR:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_22_sr.html" - }, - { - "name" : "SUSE-SA:2006:057", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_57_kernel.html" - }, - { - "name" : "USN-346-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-346-1" - }, - { - "name" : "19615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19615" - }, - { - "name" : "oval:org.mitre.oval:def:10666", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10666" - }, - { - "name" : "ADV-2006-3330", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3330" - }, - { - "name" : "ADV-2006-3331", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3331" - }, - { - "name" : "21563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21563" - }, - { - "name" : "21695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21695" - }, - { - "name" : "22093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22093" - }, - { - "name" : "22292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22292" - }, - { - "name" : "22945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22945" - }, - { - "name" : "21847", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21847" - }, - { - "name" : "21934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21934" - }, - { - "name" : "22148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the \"HID0 attention enable on PPC970 at boot time.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21934" + }, + { + "name": "19615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19615" + }, + { + "name": "21847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21847" + }, + { + "name": "oval:org.mitre.oval:def:10666", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10666" + }, + { + "name": "21695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21695" + }, + { + "name": "22292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22292" + }, + { + "name": "RHSA-2006:0689", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html" + }, + { + "name": "ADV-2006-3331", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3331" + }, + { + "name": "21563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21563" + }, + { + "name": "22148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22148" + }, + { + "name": 
"http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" + }, + { + "name": "USN-346-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-346-1" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.1", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.1" + }, + { + "name": "ADV-2006-3330", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3330" + }, + { + "name": "SUSE-SR:2006:021", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html" + }, + { + "name": "SUSE-SR:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html" + }, + { + "name": "22945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22945" + }, + { + "name": "https://issues.rpath.com/browse/RPL-611", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-611" + }, + { + "name": "DSA-1237", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1237" + }, + { + "name": "22093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22093" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.9", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.9" + }, + { + "name": "DSA-1184", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1184" + }, + { + "name": "SUSE-SA:2006:057", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_57_kernel.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4412.json b/2006/4xxx/CVE-2006-4412.json index 3f8a3e5d8f1..61f17ae4be6 100644 --- a/2006/4xxx/CVE-2006-4412.json +++ b/2006/4xxx/CVE-2006-4412.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#848960", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/848960" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30726", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30726" - }, - { - "name" : "1017304", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017304" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - }, - { - "name" : "macos-webkit-code-execution(30645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "macos-webkit-code-execution(30645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30645" + }, + { + "name": "30726", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30726" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "VU#848960", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/848960" + }, + { + "name": "1017304", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017304" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + 
"name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4738.json b/2006/4xxx/CVE-2006-4738.json index 43153f8815d..0aa32788251 100644 --- a/2006/4xxx/CVE-2006-4738.json +++ b/2006/4xxx/CVE-2006-4738.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060909 Multible injections and vulnerabilities in Jetbox CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445652/100/0/threaded" - }, - { - "name" : "19303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19303" - }, - { - "name" : "1562", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1562" - }, - { - "name" : "jetboxcms-phpthumb-file-include(28843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19303" + }, + { + "name": "jetboxcms-phpthumb-file-include(28843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28843" + }, + { + "name": "1562", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1562" + }, + { + "name": "20060909 Multible injections and vulnerabilities in Jetbox CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445652/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5958.json b/2006/5xxx/CVE-2006-5958.json index 1e18201b2e6..726055bc87b 100644 --- a/2006/5xxx/CVE-2006-5958.json +++ b/2006/5xxx/CVE-2006-5958.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061112 infinicart [ multiples injection sql & xss (post) ]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451322/100/0/threaded" - }, - { - "name" : "21043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21043" - }, - { - "name" : "ADV-2006-4501", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4501" - }, - { - "name" : "22865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22865" - }, - { - "name" : "1881", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1881" - }, - { - "name" : 
"infinicart-multiple-xss(30233)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21043" + }, + { + "name": "20061112 infinicart [ multiples injection sql & xss (post) ]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451322/100/0/threaded" + }, + { + "name": "ADV-2006-4501", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4501" + }, + { + "name": "22865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22865" + }, + { + "name": "infinicart-multiple-xss(30233)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30233" + }, + { + "name": "1881", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1881" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2315.json b/2010/2xxx/CVE-2010-2315.json index 41ae43d4e01..22812e5917a 100644 --- a/2010/2xxx/CVE-2010-2315.json +++ b/2010/2xxx/CVE-2010-2315.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.exploit-db.com/exploits/12855/", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/exploits/12855/" - }, - { - "name" : "40546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40546" - }, - { - "name" : "phpbazar-picturelib-file-include(59127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbazar-picturelib-file-include(59127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59127" + }, + { + "name": "40546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40546" + }, + { + "name": "http://www.exploit-db.com/exploits/12855/", + "refsource": "MISC", + "url": "http://www.exploit-db.com/exploits/12855/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2322.json b/2010/2xxx/CVE-2010-2322.json index e737841d543..2473311c016 100644 --- a/2010/2xxx/CVE-2010-2322.json +++ b/2010/2xxx/CVE-2010-2322.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100608 jar, fastjar directory traversal vulnerabilities", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127602564508766&w=2" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=594497", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=594497" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=601823", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=601823" - }, - { - "name" : "https://launchpad.net/bugs/540575", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/540575" - }, - { - "name" : "GLSA-201209-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-21.xml" - }, - { - "name" : "RHSA-2011:0025", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0025.html" - }, - { - "name" : "41009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41009" - }, - { - "name" : "65467", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65467" - }, - { - "name" : "42892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42892" - }, - { - "name" : "50786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50786" - }, - { - "name" : "ADV-2011-0121", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-21.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=594497", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=594497" + }, + { + "name": "[oss-security] 20100608 jar, fastjar directory traversal vulnerabilities", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127602564508766&w=2" + }, + { + "name": "RHSA-2011:0025", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=601823", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=601823" + }, + { + "name": "41009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41009" + }, + { + "name": "ADV-2011-0121", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0121" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog" + }, + { + "name": "42892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42892" + }, + { + "name": "50786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50786" + }, + { + "name": "https://launchpad.net/bugs/540575", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/540575" + }, + { + "name": "65467", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65467" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2625.json b/2010/2xxx/CVE-2010-2625.json index 20c1d3bb6d2..2bec1856530 100644 --- a/2010/2xxx/CVE-2010-2625.json 
+++ b/2010/2xxx/CVE-2010-2625.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-013/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-013/index.html" - }, - { - "name" : "65833", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65833" - }, - { - "name" : "40343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40343" - }, - { - "name" : "ADV-2010-1635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40343" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-013/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-013/index.html" + }, + { + "name": "65833", + "refsource": "OSVDB", + "url": "http://osvdb.org/65833" + }, + { + "name": "ADV-2010-1635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1635" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2645.json b/2010/2xxx/CVE-2010-2645.json index 0620c8fc196..7e2959f935b 100644 --- a/2010/2xxx/CVE-2010-2645.json +++ b/2010/2xxx/CVE-2010-2645.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=42396", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=42396" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:12090", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability 
in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=42396", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=42396" + }, + { + "name": "oval:org.mitre.oval:def:12090", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12090" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2778.json b/2010/2xxx/CVE-2010-2778.json index b5686ae354f..7c990516212 100644 --- a/2010/2xxx/CVE-2010-2778.json +++ b/2010/2xxx/CVE-2010-2778.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a \"Javascript XSS exploit.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-135/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-135/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7006375&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7006375&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=599865", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=599865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a \"Javascript XSS exploit.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=599865", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=599865" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7006375&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7006375&sliceId=1" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-135/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-135/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3131.json b/2010/3xxx/CVE-2010-3131.json index bc3b794f8e2..11381ce68d6 100644 --- a/2010/3xxx/CVE-2010-3131.json +++ b/2010/3xxx/CVE-2010-3131.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100824 Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513324/100/0/threaded" - }, - { - "name" : "14783", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14783" - }, - { - "name" : "14730", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14730" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-52.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.mozilla.org/security/announce/2010/mfsa2010-52.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=579593", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=579593" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:12143", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12143" - }, - { - "name" : "41095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41095" - }, - { - "name" : "41168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41168" - }, - { - "name" : "ADV-2010-2169", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2169" - }, - { - "name" : "ADV-2010-2201", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2201" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41095" + }, + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "14783", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14783" + }, + { + "name": "20100824 Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513324/100/0/threaded" + }, + { + "name": "ADV-2010-2201", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2201" + }, + { + "name": "14730", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14730" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-52.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-52.html" + }, + { + "name": "ADV-2010-2169", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2169" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "oval:org.mitre.oval:def:12143", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12143" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=579593", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=579593" + }, + { + "name": "41168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41168" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3246.json b/2010/3xxx/CVE-2010-3246.json index e35c7a05d7f..dec1addbc04 100644 
--- a/2010/3xxx/CVE-2010-3246.json
+++ b/2010/3xxx/CVE-2010-3246.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=34414", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=34414" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" - }, - { - "name" : "oval:org.mitre.oval:def:11752", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=34414", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=34414" + }, + { + "name": "oval:org.mitre.oval:def:11752", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11752" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3583.json b/2010/3xxx/CVE-2010-3583.json index fef275410f2..609af8d44a4 100644 --- a/2010/3xxx/CVE-2010-3583.json +++ b/2010/3xxx/CVE-2010-3583.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of multiple unspecified functions through XML-RPC that allow execution of arbitrary OS commands." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101102 [Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514613/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of multiple unspecified functions through XML-RPC that allow execution of arbitrary OS commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101102 [Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514613/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3713.json b/2010/3xxx/CVE-2010-3713.json index ae9d2390d00..9bd188dabee 100644 --- a/2010/3xxx/CVE-2010-3713.json +++ b/2010/3xxx/CVE-2010-3713.json 
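Review bot: The one substantive change in the CVE-2010-3583 hunk, `"ASSIGNER": "secalert_us@oracle.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, is buried in a whole-file rewrite whose other lines appear to differ only in `" : "` versus `": "` spacing, so a reader cannot easily confirm that nothing else in the record changed. Splitting the formatting pass from the data change would leave a one-line diff for the assigner and make provenance changes auditable. The same applies to the ASSIGNER changes in the CVE-2010-3713, CVE-2011-1225, CVE-2014-3436 and CVE-2014-3558 hunks. The new side also drops the final newline after the closing `}` (the `\ No newline at end of file` marker), which is worth restoring so that later edits do not touch the last line.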
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101008 CVE request: usebb before 1.0.11 unauthorized access to content", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/08/5" - }, - { - "name" : "[oss-security] 20101011 Re: CVE request: usebb before 1.0.11 unauthorized access to content", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/11/5" - }, - { - "name" : "http://www.usebb.net/community/topic-2495.html", - "refsource" : "CONFIRM", - "url" : "http://www.usebb.net/community/topic-2495.html" - }, - { - "name" : "http://www.usebb.net/community/topic.php?id=2501", - "refsource" : "CONFIRM", - 
"url" : "http://www.usebb.net/community/topic.php?id=2501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101008 CVE request: usebb before 1.0.11 unauthorized access to content", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/08/5" + }, + { + "name": "[oss-security] 20101011 Re: CVE request: usebb before 1.0.11 unauthorized access to content", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/11/5" + }, + { + "name": "http://www.usebb.net/community/topic.php?id=2501", + "refsource": "CONFIRM", + "url": "http://www.usebb.net/community/topic.php?id=2501" + }, + { + "name": "http://www.usebb.net/community/topic-2495.html", + "refsource": "CONFIRM", + "url": "http://www.usebb.net/community/topic-2495.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4859.json b/2010/4xxx/CVE-2010-4859.json index 85031641b23..bbd04912b70 100644 --- a/2010/4xxx/CVE-2010-4859.json +++ b/2010/4xxx/CVE-2010-4859.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/webasyst-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/webasyst-sql.txt" - }, - { - "name" : "40349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40349" - }, - { - "name" : "8416", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1005-exploits/webasyst-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/webasyst-sql.txt" + }, + { + "name": "8416", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8416" + }, + { + "name": "40349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40349" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4860.json b/2010/4xxx/CVE-2010-4860.json index f815e5db9c8..88c165025fd 100644 --- a/2010/4xxx/CVE-2010-4860.json +++ b/2010/4xxx/CVE-2010-4860.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15154", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15154" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/myphpauction-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/myphpauction-sql.txt" - }, - { - "name" : "8418", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8418" - }, - { - "name" : "myphpauction-productdesc-sql-injection(62144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in product_desc.php in 
MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15154", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15154" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/myphpauction-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/myphpauction-sql.txt" + }, + { + "name": "8418", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8418" + }, + { + "name": "myphpauction-productdesc-sql-injection(62144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62144" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4981.json b/2010/4xxx/CVE-2010-4981.json index f4399906f24..77a03dee26b 100644 --- a/2010/4xxx/CVE-2010-4981.json +++ b/2010/4xxx/CVE-2010-4981.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13929", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13929" - }, - { - "name" : "40978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40978" - }, - { - "name" : "65642", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65642" - }, - { - "name" : "40289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40289" - }, - { - "name" : "bannermanagement-trackads-sql-injection(59558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13929", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13929" + }, + { + "name": "40978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40978" + }, + { + "name": "65642", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65642" + }, + { + "name": "bannermanagement-trackads-sql-injection(59558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59558" + }, + { + "name": "40289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40289" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1225.json b/2011/1xxx/CVE-2011-1225.json index 5864deec0d6..e0dc607e32e 100644 --- a/2011/1xxx/CVE-2011-1225.json +++ b/2011/1xxx/CVE-2011-1225.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - 
"refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47225" - }, - { - "name" : "oval:org.mitre.oval:def:12014", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12014" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var13-priv-escalation(66407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "oval:org.mitre.oval:def:12014", + 
"refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12014" + }, + { + "name": "mswin-win32k-var13-priv-escalation(66407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66407" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "47225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47225" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3044.json b/2014/3xxx/CVE-2014-3044.json index 7f933630d37..8f1244fa735 100644 --- a/2014/3xxx/CVE-2014-3044.json +++ b/2014/3xxx/CVE-2014-3044.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3401.json b/2014/3xxx/CVE-2014-3401.json index 83d6e6d4f7b..e1985bfef64 100644 --- a/2014/3xxx/CVE-2014-3401.json +++ b/2014/3xxx/CVE-2014-3401.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3436.json b/2014/3xxx/CVE-2014-3436.json index 18897ca8965..83604eb9281 100644 --- a/2014/3xxx/CVE-2014-3436.json +++ b/2014/3xxx/CVE-2014-3436.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-3436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00" - }, - { - "name" : "69259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69259" - }, - { - "name" : "1030761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030761" - }, - { - "name" : "symantec-encryption-cve20143436-dos(95406)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/95406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "symantec-encryption-cve20143436-dos(95406)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406" + }, + { + "name": "1030761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030761" + }, + { + "name": "69259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69259" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3558.json b/2014/3xxx/CVE-2014-3558.json index c536dffeb27..57613fac763 100644 --- a/2014/3xxx/CVE-2014-3558.json +++ b/2014/3xxx/CVE-2014-3558.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml", - "refsource" : "MISC", - "url" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml" - }, - { - "name" : "https://hibernate.atlassian.net/browse/HV-912", - "refsource" : "CONFIRM", - "url" : "https://hibernate.atlassian.net/browse/HV-912" - }, - { - "name" : "RHSA-2014:1285", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1285.html" - }, - { - "name" : "RHSA-2014:1286", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1286.html" - }, - { - "name" : 
"RHSA-2014:1287", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1287.html" - }, - { - "name" : "RHSA-2014:1288", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1288.html" - }, - { - "name" : "RHSA-2015:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0125.html" - }, - { - "name" : "RHSA-2015:0720", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml", + "refsource": "MISC", + "url": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml" + }, + { + "name": "https://hibernate.atlassian.net/browse/HV-912", + "refsource": "CONFIRM", + "url": "https://hibernate.atlassian.net/browse/HV-912" + }, + { + "name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "RHSA-2014:1288", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1288.html" + }, + { + "name": "RHSA-2015:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html" + }, + { + "name": "RHSA-2014:1285", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1285.html" + }, + { + "name": 
"RHSA-2014:1286", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1286.html" + }, + { + "name": "RHSA-2014:1287", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1287.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4554.json b/2014/4xxx/CVE-2014-4554.json index 9e70c91738b..8d5a490fc60 100644 --- a/2014/4xxx/CVE-2014-4554.json +++ b/2014/4xxx/CVE-2014-4554.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-ss-downloads-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-ss-downloads-a3-cross-site-scripting-xss" - }, - { - "name" : "http://wordpress.org/plugins/ss-downloads/changelog", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/ss-downloads/changelog" - }, - { - "name" : "65141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in templates/download.php in 
the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/ss-downloads/changelog", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/ss-downloads/changelog" + }, + { + "name": "http://codevigilant.com/disclosure/wp-plugin-ss-downloads-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-ss-downloads-a3-cross-site-scripting-xss" + }, + { + "name": "65141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65141" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7252.json b/2014/7xxx/CVE-2014-7252.json index 91cd9d8d681..0ee971e3874 100644 --- a/2014/7xxx/CVE-2014-7252.json +++ b/2014/7xxx/CVE-2014-7252.json 
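Review bot: The `reference_data` array in this hunk appears to hold the same three entries before and after, only in a different order (the CONFIRM entry now precedes the MISC one), so the diff shows churn with no change in content. The hunks for CVE-2014-8476, CVE-2014-8869 and CVE-2014-9422 reorder their references in the same way. Emitting the array in a deterministic order, for example sorted by `refsource` and then `name`, would limit later syncs to real additions and removals. That matters because a swapped or dropped reference URL is currently indistinguishable from a shuffle at a glance. Consumers should treat the array as unordered in the meantime.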
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and \"improper data validation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN67792023/397327/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/en/jp/JVN67792023/397327/index.html" - }, - { - "name" : "http://jvn.jp/en/jp/JVN67792023/995312/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/en/jp/JVN67792023/995312/index.html" - }, - { - "name" : "JVN#67792023", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN67792023/index.html" - }, - { - "name" : "JVNDB-2014-000137", - "refsource" : "JVNDB", - "url" : 
"http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000137.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and \"improper data validation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000137", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000137.html" + }, + { + "name": "JVN#67792023", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN67792023/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN67792023/397327/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/en/jp/JVN67792023/397327/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN67792023/995312/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/en/jp/JVN67792023/995312/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8007.json b/2014/8xxx/CVE-2014-8007.json index 3a2a3daf937..896659a128b 100644 --- a/2014/8xxx/CVE-2014-8007.json +++ b/2014/8xxx/CVE-2014-8007.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141219 Cisco Prime Infrastructure Device Discovery Password Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8007" - }, - { - "name" : "1031416", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141219 Cisco Prime Infrastructure Device Discovery Password Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8007" + }, + { + "name": "1031416", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031416" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8476.json b/2014/8xxx/CVE-2014-8476.json index d0ece2aed0d..94ba464b45a 100644 --- a/2014/8xxx/CVE-2014-8476.json +++ b/2014/8xxx/CVE-2014-8476.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-3070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3070" - }, - { - "name" : "FreeBSD-SA-14:25", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A25.setlogin.asc" - }, - { - "name" : "61118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61118" - }, - { - "name" : "62218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setlogin function in FreeBSD 8.4 through 
10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3070" + }, + { + "name": "FreeBSD-SA-14:25", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A25.setlogin.asc" + }, + { + "name": "62218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62218" + }, + { + "name": "61118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61118" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8869.json b/2014/8xxx/CVE-2014-8869.json index 7df178844bf..45b05c404dd 100644 --- a/2014/8xxx/CVE-2014-8869.json +++ b/2014/8xxx/CVE-2014-8869.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150112 [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534449/100/0/threaded" - }, - { - "name" : "20150112 [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/31" - }, - { - "name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-015/-cross-site-scripting-in-tapatalk-plugin-for-woltlab-burning-board-4-0", - "refsource" : "MISC", - "url" : 
"https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-015/-cross-site-scripting-in-tapatalk-plugin-for-woltlab-burning-board-4-0" - }, - { - "name" : "https://support.tapatalk.com/threads/tapatalk-for-woltlab-plugin-release-announcement-and-changelog.19540", - "refsource" : "CONFIRM", - "url" : "https://support.tapatalk.com/threads/tapatalk-for-woltlab-plugin-release-announcement-and-changelog.19540" - }, - { - "name" : "71997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.tapatalk.com/threads/tapatalk-for-woltlab-plugin-release-announcement-and-changelog.19540", + "refsource": "CONFIRM", + "url": "https://support.tapatalk.com/threads/tapatalk-for-woltlab-plugin-release-announcement-and-changelog.19540" + }, + { + "name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-015/-cross-site-scripting-in-tapatalk-plugin-for-woltlab-burning-board-4-0", + "refsource": "MISC", + "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-015/-cross-site-scripting-in-tapatalk-plugin-for-woltlab-burning-board-4-0" + }, + { + "name": "20150112 [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534449/100/0/threaded" + }, + { + "name": "20150112 
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/31" + }, + { + "name": "71997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71997" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8914.json b/2014/8xxx/CVE-2014-8914.json index 893f0d2757b..d4faffff66c 100644 --- a/2014/8xxx/CVE-2014-8914.json +++ b/2014/8xxx/CVE-2014-8914.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693239", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693239" - }, - { - "name" : "JR51836", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51836" - }, - { - "name" : "JR52103", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52103" - }, - { - "name" : "1031614", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031614" - }, - { - "name" : "62205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62205" - }, - { 
- "name" : "ibm-bpm-cve20148914-xss(99285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62205" + }, + { + "name": "JR51836", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51836" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693239" + }, + { + "name": "ibm-bpm-cve20148914-xss(99285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99285" + }, + { + "name": "1031614", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031614" + }, + { + "name": "JR52103", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52103" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8919.json b/2014/8xxx/CVE-2014-8919.json index d37e74b6eb7..2447c068de9 100644 --- a/2014/8xxx/CVE-2014-8919.json +++ b/2014/8xxx/CVE-2014-8919.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8919", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8946.json b/2014/8xxx/CVE-2014-8946.json index dc8a691a631..d904189d960 100644 --- a/2014/8xxx/CVE-2014-8946.json +++ b/2014/8xxx/CVE-2014-8946.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9422.json b/2014/9xxx/CVE-2014-9422.json index 83f10807368..0a82fe57095 100644 --- a/2014/9xxx/CVE-2014-9422.json +++ b/2014/9xxx/CVE-2014-9422.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt" - }, - { - "name" : "https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8" - }, - { - "name" : "DSA-3153", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3153" - }, - { - "name" : "FEDORA-2015-2382", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html" - }, - { - "name" : "FEDORA-2015-2347", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html" - }, - { - "name" : "MDVSA-2015:069", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069" - }, - { - "name" : "RHSA-2015:0439", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0439.html" - }, - { - "name" : "RHSA-2015:0794", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0794.html" - }, - { - "name" : "SUSE-SU-2015:0257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:0290", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html" - }, - { - "name" : "openSUSE-SU-2015:0255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html" - }, - { - "name" : "USN-2498-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2498-1" - }, - { - "name" : "72494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain 
administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-2347", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt" + }, + { + "name": "RHSA-2015:0794", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0794.html" + }, + { + "name": "https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8" + }, + { + "name": "FEDORA-2015-2382", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html" + }, + { + "name": "DSA-3153", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3153" + }, + { + "name": "openSUSE-SU-2015:0255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html" + }, + { + "name": "RHSA-2015:0439", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html" + }, + { + "name": "SUSE-SU-2015:0290", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html" + }, + { + "name": "72494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72494" + }, + { + "name": "MDVSA-2015:069", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069" + }, + { + "name": "USN-2498-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-2498-1" + }, + { + "name": "SUSE-SU-2015:0257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9656.json b/2014/9xxx/CVE-2014-9656.json index 954449fd9de..173838ea358 100644 --- a/2014/9xxx/CVE-2014-9656.json +++ b/2014/9xxx/CVE-2014-9656.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=196", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=196" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0083.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0083.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3188", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3188" - }, - { - "name" : "FEDORA-2015-2216", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" - }, - { - "name" : "FEDORA-2015-2237", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" - }, - { - "name" : "GLSA-201503-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-05" - }, - { - "name" : "MDVSA-2015:055", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" - }, - { - "name" : "openSUSE-SU-2015:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" - }, - { - "name" : "USN-2510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2510-1" - }, - { - "name" : "USN-2739-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2739-1" - }, - { - "name" : "72986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3188" + }, + { + "name": "GLSA-201503-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-05" + }, + { + "name": "72986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72986" + }, + { + "name": "USN-2739-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2739-1" + }, + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=196", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=196" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a" + }, + { + "name": "openSUSE-SU-2015:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0083.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0083.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "FEDORA-2015-2216", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" + }, + { + "name": "MDVSA-2015:055", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" + }, + { + "name": "USN-2510-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-2510-1" + }, + { + "name": "FEDORA-2015-2237", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9743.json b/2014/9xxx/CVE-2014-9743.json index 4a6b4d54d45..50b3e973359 100644 --- a/2014/9xxx/CVE-2014-9743.json +++ b/2014/9xxx/CVE-2014-9743.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140318 [Quantum Leap Advisory] #QLA140216 - VLC Reflected XSS vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/324" - }, - { - "name" : "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/" - }, - { - "name" : "http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b" - }, - { - "name" : "66307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66307" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140318 [Quantum Leap Advisory] #QLA140216 - VLC Reflected XSS vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/324" + }, + { + "name": "66307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66307" + }, + { + "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b" + }, + { + "name": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/", + "refsource": "MISC", + "url": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9758.json b/2014/9xxx/CVE-2014-9758.json index c3b64f3bfdf..2cb7310cfbd 100644 --- a/2014/9xxx/CVE-2014-9758.json +++ b/2014/9xxx/CVE-2014-9758.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151204 Re: CVE Request: Magento SWF XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/05/4" - }, - { - "name" : "http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/", - "refsource" : "MISC", - "url" : "http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20151204 Re: CVE Request: Magento SWF XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/05/4" + }, + { + "name": "http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/", + "refsource": "MISC", + "url": "http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9937.json b/2014/9xxx/CVE-2014-9937.json index 7d87a62c946..ebb240a9e01 100644 --- a/2014/9xxx/CVE-2014-9937.json +++ b/2014/9xxx/CVE-2014-9937.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm Products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow Vulnerability in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm Products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97329" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow Vulnerability in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97329" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2248.json b/2016/2xxx/CVE-2016-2248.json index 12e40870b6a..db3d3157ed8 100644 --- a/2016/2xxx/CVE-2016-2248.json +++ b/2016/2xxx/CVE-2016-2248.json 
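Review bot: In the CVE-2014-9937.json hunk the `ASSIGNER` value changes from `security@google.com` to `security@android.com`, although the rest of the hunk only respaces `"key" : value` to `"key": value` and the commit subject does not mention it. The CVE-2016-6711.json hunk later in this patch makes the same kind of change, replacing `cve@mitre.org` with `security@android.com`. Tooling that attributes or filters records by assigner would presumably see these two entries move to a different CNA address, so the reassignment should be traceable on its own. I would either split it from the formatting sync or add a line to the commit description such as `Reassign ASSIGNER to security@android.com for CVE-2014-9937 and CVE-2016-6711`.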
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2248", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2248", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2619.json b/2016/2xxx/CVE-2016-2619.json index 62e7a4ddc7d..a6a9db2fa08 100644 --- a/2016/2xxx/CVE-2016-2619.json +++ b/2016/2xxx/CVE-2016-2619.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2619", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2619", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2695.json b/2016/2xxx/CVE-2016-2695.json index 281c0b4b4d4..57e35577eda 100644 --- a/2016/2xxx/CVE-2016-2695.json +++ b/2016/2xxx/CVE-2016-2695.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2695", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2695", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6294.json b/2016/6xxx/CVE-2016-6294.json index 132042f82ba..128f21b0692 100644 --- a/2016/6xxx/CVE-2016-6294.json +++ b/2016/6xxx/CVE-2016-6294.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/24/2" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : 
"http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/72533", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/72533" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "DSA-3631", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3631" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92115" - }, - { - "name" : "1036430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92115" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "https://bugs.php.net/72533", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/72533" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "1036430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036430" + }, + { + "name": "DSA-3631", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3631" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/24/2" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6505.json b/2016/6xxx/CVE-2016-6505.json index 79106852a6c..355c56f16ac 100644 --- a/2016/6xxx/CVE-2016-6505.json +++ b/2016/6xxx/CVE-2016-6505.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40197", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40197/" - }, - { - "name" : "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/28/3" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-41.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-41.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577" - }, - { - "name" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95" - }, - { - "name" : "DSA-3648", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3648" - }, - { - "name" : "92163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92163" - }, - { - "name" : "1036480", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/28/3" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577" + }, + { + "name": "DSA-3648", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3648" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95" + }, + { + "name": 
"http://www.wireshark.org/security/wnpa-sec-2016-41.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-41.html" + }, + { + "name": "92163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92163" + }, + { + "name": "40197", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40197/" + }, + { + "name": "1036480", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036480" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6711.json b/2016/6xxx/CVE-2016-6711.json index ca1bf7f3927..babef39d3c6 100644 --- a/2016/6xxx/CVE-2016-6711.json +++ b/2016/6xxx/CVE-2016-6711.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693" - }, - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94137" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94137" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7619.json b/2016/7xxx/CVE-2016-7619.json index f84341b43bf..5f8a3f63992 100644 --- a/2016/7xxx/CVE-2016-7619.json +++ b/2016/7xxx/CVE-2016-7619.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"libarchive\" component, which allows local users to write to arbitrary files via vectors related to symlinks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"libarchive\" component, which allows local users to write to arbitrary files via vectors related to symlinks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7679.json b/2016/7xxx/CVE-2016-7679.json index 0f46259a95a..8ea5d32662b 100644 --- a/2016/7xxx/CVE-2016-7679.json +++ b/2016/7xxx/CVE-2016-7679.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7679", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5534.json b/2017/5xxx/CVE-2017-5534.json index 1b1d7be4476..dd6a9d18603 100644 --- a/2017/5xxx/CVE-2017-5534.json +++ b/2017/5xxx/CVE-2017-5534.json 
@@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2017-12-12T17:00:00.000Z", - "ID" : "CVE-2017-5534", - "STATE" : "PUBLIC", - "TITLE" : "Improper sandboxing of a third-party component in tibbr" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tibbr Community", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.1 and below" - }, - { - "version_value" : "6.0.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0.0" - } - ] - } - }, - { - "product_name" : "tibbr Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.1 and below" - }, - { - "version_value" : "6.0.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact of this vulnerability includes the ability to execute arbitrary code with the privileges of the user that invoked the tibbr server." - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2017-12-12T17:00:00.000Z", + "ID": "CVE-2017-5534", + "STATE": "PUBLIC", + "TITLE": "Improper sandboxing of a third-party component in tibbr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tibbr Community", + "version": { + "version_data": [ + { + "version_value": "5.2.1 and below" + }, + { + "version_value": "6.0.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0.0" + } + ] + } + }, + { + "product_name": "tibbr Enterprise", + "version": { + "version_data": [ + { + "version_value": "5.2.1 and below" + }, + { + "version_value": "6.0.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5534", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5534" - } - ] - }, - "solution" : "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\n\nFor tibbr Community\n versions 5.2.1 and below, upgrade to version 5.2.2 or higher\n versions 6.0.X, upgrade to version 6.0.2 or higher\n version 7.0.0, upgrade to version 7.0.1 or higher\n\nFor tibbr Enterprise\n versions 5.2.1 and below, upgrade to version 5.2.2 or higher\n versions 6.0.X, upgrade to version 6.0.2 or higher\n version 7.0.0, upgrade to version 7.0.1 or higher\n" -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the ability to execute arbitrary code with the privileges of the user that invoked the tibbr server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5534", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5534" + } + ] + }, + "solution": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\n\nFor tibbr Community\n versions 5.2.1 and below, upgrade to version 5.2.2 or higher\n versions 6.0.X, upgrade to version 6.0.2 or higher\n version 7.0.0, upgrade to version 7.0.1 or higher\n\nFor tibbr Enterprise\n versions 5.2.1 and below, upgrade to version 5.2.2 or higher\n versions 6.0.X, upgrade to version 6.0.2 or higher\n version 7.0.0, upgrade to version 7.0.1 or higher\n" +} \ No newline at end of file