diff --git a/2006/0xxx/CVE-2006-0414.json b/2006/0xxx/CVE-2006-0414.json
index b2fcb227b08..5a92c908429 100644
--- a/2006/0xxx/CVE-2006-0414.json
+++ b/2006/0xxx/CVE-2006-0414.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://archives.seul.org/or/announce/Jan-2006/msg00001.html", - "refsource" : "CONFIRM", - "url" : "http://archives.seul.org/or/announce/Jan-2006/msg00001.html" - }, - { - "name" : "http://tor.eff.org/cvs/tor/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://tor.eff.org/cvs/tor/ChangeLog" - }, - { - "name" : "GLSA-200606-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml" - }, - { - "name" : "18323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18323" - }, - { - "name" : "19795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19795" - }, - { - "name" : "22689", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/22689" - }, - { - "name" : "18576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18576" - }, - { - "name" : "20514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20514" - }, - { - "name" : "tor-service-information-disclosure(24285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19795" + }, + { + "name": "18576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18576" + }, + { + "name": "tor-service-information-disclosure(24285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24285" + }, + { + "name": "18323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18323" + }, + { + "name": "22689", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22689" + }, + { + "name": "20514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20514" + }, + { + "name": "GLSA-200606-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-04.xml" + }, + { + "name": "http://tor.eff.org/cvs/tor/ChangeLog", + "refsource": "CONFIRM", + "url": "http://tor.eff.org/cvs/tor/ChangeLog" + }, + { + "name": "http://archives.seul.org/or/announce/Jan-2006/msg00001.html", + "refsource": 
"CONFIRM",
+ "url": "http://archives.seul.org/or/announce/Jan-2006/msg00001.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/0xxx/CVE-2006-0595.json b/2006/0xxx/CVE-2006-0595.json
index d2acc5edca8..9661443e7c2 100644
--- a/2006/0xxx/CVE-2006-0595.json
+++ b/2006/0xxx/CVE-2006-0595.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-0595",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-0595",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/0xxx/CVE-2006-0685.json b/2006/0xxx/CVE-2006-0685.json
index 6cefec5136d..b2c2983fd24 100644
--- a/2006/0xxx/CVE-2006-0685.json
+++ b/2006/0xxx/CVE-2006-0685.json
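Review bot: The new `reference_data` array in CVE-2006-0414.json holds the same nine references as before but in a different order with no visible sort key (the two CONFIRM entries move from first to last), so a commit that otherwise only normalises whitespace around `:` cannot be confirmed as content-preserving with a whitespace-insensitive diff. The same reordering shows up in the CVE-2006-0685, CVE-2006-0862, CVE-2006-1195, CVE-2006-1419, CVE-2006-1601, CVE-2006-5317 and CVE-2006-5361 hunks on this page. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs of these advisory records limited to real changes. Each rewritten file also now ends in `}` followed by `\ No newline at end of file`; keeping the trailing newline avoids a spurious last-line change on the next edit.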
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060211 RS-2006-1: Multiple flaws in VHCS 2.x", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424816/100/0/threaded" - }, - { - "name" : "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt", - "refsource" : "MISC", - "url" : "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt" - }, - { - "name" : "16600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16600" - }, - { - "name" : "ADV-2006-0534", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0534" - }, - { - "name" : "18799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18799" - }, - { - "name" : "vhcs-checklogin-auth-bypass(24666)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18799" + }, + { + "name": "20060211 RS-2006-1: Multiple flaws in VHCS 2.x", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424816/100/0/threaded" + }, + { + "name": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt", + "refsource": "MISC", + "url": "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt" + }, + { + "name": "16600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16600" + }, + { + "name": "vhcs-checklogin-auth-bypass(24666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24666" + }, + { + "name": "ADV-2006-0534", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0534" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0862.json b/2006/0xxx/CVE-2006-0862.json index 07a65714e32..6e22c8c48b4 100644 --- a/2006/0xxx/CVE-2006-0862.json +++ b/2006/0xxx/CVE-2006-0862.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060222 IRM 017: Multiple Vulnerabilities in Infovista Portal SE", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425779/100/0/threaded" - }, - { - "name" : "http://www.irmplc.com/advisory017.htm", - "refsource" : "MISC", - "url" : "http://www.irmplc.com/advisory017.htm" - }, - { - "name" : "16776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16776" - }, - { - "name" : "ADV-2006-0695", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0695" - }, - { - "name" : "1015669", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015669" - }, - { - "name" : "18994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18994" - }, - { - 
"name" : "vistaportal-parameter-directory-traversal(24893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16776" + }, + { + "name": "vistaportal-parameter-directory-traversal(24893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24893" + }, + { + "name": "1015669", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015669" + }, + { + "name": "http://www.irmplc.com/advisory017.htm", + "refsource": "MISC", + "url": "http://www.irmplc.com/advisory017.htm" + }, + { + "name": "ADV-2006-0695", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0695" + }, + { + "name": "20060222 IRM 017: Multiple Vulnerabilities in Infovista Portal SE", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425779/100/0/threaded" + }, + { + "name": "18994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18994" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1195.json b/2006/1xxx/CVE-2006-1195.json index 95ebedd1811..c9a9e63f141 100644 --- a/2006/1xxx/CVE-2006-1195.json +++ b/2006/1xxx/CVE-2006-1195.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427465/100/0/threaded" - }, - { - "name" : "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.html" - }, - { - "name" : "http://aluigi.altervista.org/adv/enetx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/enetx-adv.txt" - }, - { - "name" : "17087", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17087" - }, - { - "name" : "ADV-2006-0940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0940" - }, - { - "name" : "23845", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23845" - }, - { - "name" : "1015767", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015767" - }, - { - "name" : "19208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19208" - }, - { - "name" : "enet-packet-dos(25158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.html" + }, + { + "name": "20060312 Multiple vulnerabilities in ENet library (Jul 2005)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427465/100/0/threaded" + }, + { + "name": "1015767", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015767" + }, + { + "name": "enet-packet-dos(25158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25158" + }, + { + "name": "17087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17087" + }, + { + "name": "19208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19208" + }, + { + "name": "ADV-2006-0940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0940" + }, + { + "name": "http://aluigi.altervista.org/adv/enetx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/enetx-adv.txt" + }, + { + "name": "23845", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23845" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1419.json b/2006/1xxx/CVE-2006-1419.json index 77a21125efa..c502f7ae310 100644 --- a/2006/1xxx/CVE-2006-1419.json +++ b/2006/1xxx/CVE-2006-1419.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060326 nuked-klan<=1.7.5 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428895/100/0/threaded" - }, - { - "name" : "17233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17233" - }, - { - "name" : "ADV-2006-1134", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1134" - }, - { - "name" : "24204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24204" - }, - { - "name" : "19382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19382" - }, - { - "name" : "632", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/632" - }, - { - "name" : "nuked-klan-calendar-sql-injection(25446)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1134", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1134" + }, + { + "name": "632", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/632" + }, + { + "name": "19382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19382" + }, + { + "name": "20060326 nuked-klan<=1.7.5 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428895/100/0/threaded" + }, + { + "name": "24204", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24204" + }, + { + "name": "17233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17233" + }, + { + "name": "nuked-klan-calendar-sql-injection(25446)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25446" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1601.json b/2006/1xxx/CVE-2006-1601.json index 1f968f35bfa..6cb12bb0d37 100644 --- a/2006/1xxx/CVE-2006-1601.json +++ b/2006/1xxx/CVE-2006-1601.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102278", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102278-1" - }, - { - "name" : "17313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17313" - }, - { - "name" : "ADV-2006-1175", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1175" - }, - { - "name" : "1015849", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015849" - }, - { - "name" : "19444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19444" - }, - { - "name" : "suncluster-sunplex-information-disclosure(25543)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25543" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17313" + }, + { + "name": "1015849", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015849" + }, + { + "name": "102278", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102278-1" + }, + { + "name": "suncluster-sunplex-information-disclosure(25543)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25543" + }, + { + "name": "19444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19444" + }, + { + "name": "ADV-2006-1175", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1175" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5317.json b/2006/5xxx/CVE-2006-5317.json index 251bad9f420..b11309a0224 100644 --- a/2006/5xxx/CVE-2006-5317.json +++ b/2006/5xxx/CVE-2006-5317.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061007 7 php scripts File Inclusion / Source disclosure Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448096/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/13061007.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/13061007.txt" - }, - { - "name" : "2504", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2504" - }, - { - "name" : "20429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20429" - }, - { - "name" : "1734", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1734" - }, - { - "name" : "eboli-index-file-inclide(29442)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1734", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1734" + }, + { + "name": "http://acid-root.new.fr/poc/13061007.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/13061007.txt" + }, + { + "name": "20429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20429" + }, + { + "name": "eboli-index-file-inclide(29442)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29442" + }, + { + "name": "20061007 7 php scripts File Inclusion / Source disclosure Vuln", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448096/100/0/threaded" + }, + { + "name": "2504", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2504" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5361.json b/2006/5xxx/CVE-2006-5361.json index a81c609dcb6..0ec64feba6f 100644 --- a/2006/5xxx/CVE-2006-5361.json +++ b/2006/5xxx/CVE-2006-5361.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - 
"refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + 
"name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5425.json b/2006/5xxx/CVE-2006-5425.json index c4af7e962b4..9eef1abd20b 100644 --- a/2006/5xxx/CVE-2006-5425.json +++ b/2006/5xxx/CVE-2006-5425.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 [MU-200610-01] Denial of Service in XORP OSPFv2", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=116115975806681&w=2" - }, - { - "name" : "http://labs.musecurity.com/advisories/MU-200610-01.txt", - "refsource" : "MISC", - "url" : "http://labs.musecurity.com/advisories/MU-200610-01.txt" - }, - { - "name" : "http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt", - "refsource" : "CONFIRM", - "url" : "http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt" - }, - { - "name" : "20597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20597" - }, - { - "name" : "ADV-2006-4107", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/4107" - }, - { - "name" : "1017079", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017079" - }, - { - "name" : "22462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22462" - }, - { - "name" : "xorp-lsa-dos(29658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22462" + }, + { + "name": "http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt", + "refsource": "CONFIRM", + "url": "http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt" + }, + { + "name": "20597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20597" + }, + { + "name": "20061018 [MU-200610-01] Denial of Service in XORP OSPFv2", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116115975806681&w=2" + }, + { + "name": "http://labs.musecurity.com/advisories/MU-200610-01.txt", + "refsource": "MISC", + "url": "http://labs.musecurity.com/advisories/MU-200610-01.txt" + }, + { + "name": "xorp-lsa-dos(29658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29658" + }, + { + "name": "1017079", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017079" + }, + { + "name": "ADV-2006-4107", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/4107" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5691.json b/2006/5xxx/CVE-2006-5691.json index 5ad58f6db29..494fb0d02f6 100644 --- a/2006/5xxx/CVE-2006-5691.json +++ b/2006/5xxx/CVE-2006-5691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5691", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5691", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5913.json b/2006/5xxx/CVE-2006-5913.json index fb826051bcf..d9d0db2de16 100644 --- a/2006/5xxx/CVE-2006-5913.json +++ b/2006/5xxx/CVE-2006-5913.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061107 Re: IE7 website security certificate discrediting exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450825/100/0/threaded" - }, - { - "name" : "http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541", - "refsource" : "MISC", - "url" : "http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a \"The webpage no longer exists\" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061107 Re: IE7 website security certificate discrediting exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450825/100/0/threaded" + }, + { + "name": "http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541", + "refsource": "MISC", + "url": "http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2127.json b/2007/2xxx/CVE-2007-2127.json index 1be536c53cb..d1589a7d2fe 100644 --- a/2007/2xxx/CVE-2007-2127.json +++ b/2007/2xxx/CVE-2007-2127.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager (APPS10), and (7) Oracle Report Manager (APPS03)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "TA07-108A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" - }, - { - "name" : "23532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23532" - }, - { - "name" : "ADV-2007-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1426" - }, - { - "name" : "1017927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager (APPS10), and (7) Oracle Report Manager (APPS03)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-108A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" + }, + { + "name": "23532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23532" + }, + { + "name": "1017927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017927" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "ADV-2007-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1426" + }, + { + "name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2444.json b/2007/2xxx/CVE-2007-2444.json index a293fbc3b17..a17b4a2508d 100644 --- a/2007/2xxx/CVE-2007-2444.json +++ b/2007/2xxx/CVE-2007-2444.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-2444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468548/100/0/threaded" - }, - { - "name" : "20070515 FLEA-2007-0017-1: samba", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468670/100/0/threaded" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2007-2444.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2007-2444.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1366", - "refsource" : "CONFIRM", - "url" : 
"https://issues.rpath.com/browse/RPL-1366" - }, - { - "name" : "DSA-1291", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1291" - }, - { - "name" : "GLSA-200705-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-15.xml" - }, - { - "name" : "HPSBTU02218", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980" - }, - { - "name" : "SSRT071424", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980" - }, - { - "name" : "MDKSA-2007:104", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:104" - }, - { - "name" : "OpenPKG-SA-2007.012", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html" - }, - { - "name" : "SSA:2007-134-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906" - }, - { - "name" : "102964", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1" - }, - { - "name" : "200588", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1" - }, - { - "name" : "SUSE-SA:2007:031", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html" - }, - { - "name" : "2007-0017", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0017/" - }, - { - "name" : "USN-460-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-460-1" - }, - { - "name" : "USN-460-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-460-2" - }, - { - "name" : "23974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23974" - }, - { - "name" : "34698", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/34698" - }, - { - "name" : "ADV-2007-1805", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1805" - }, - { - "name" : "ADV-2007-2210", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2210" - }, - { - "name" : "ADV-2007-2281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2281" - }, - { - "name" : "1018049", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018049" - }, - { - "name" : "25241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25241" - }, - { - "name" : "25246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25246" - }, - { - "name" : "25256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25256" - }, - { - "name" : "25232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25232" - }, - { - "name" : "25251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25251" - }, - { - "name" : "25270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25270" - }, - { - "name" : "25259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25259" - }, - { - "name" : "25255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25255" - }, - { - "name" : "25289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25289" - }, - { - "name" : "25675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25675" - }, - { - "name" : "25772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25772" - }, - { - "name" : "2701", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Logic error in the SID/Name translation functionality in 
smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200705-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-15.xml" + }, + { + "name": "25289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25289" + }, + { + "name": "ADV-2007-1805", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1805" + }, + { + "name": "25772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25772" + }, + { + "name": "OpenPKG-SA-2007.012", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html" + }, + { + "name": "SUSE-SA:2007:031", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html" + }, + { + "name": "25270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25270" + }, + { + "name": "20070515 FLEA-2007-0017-1: samba", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468670/100/0/threaded" + }, + { + "name": "ADV-2007-2281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2281" + }, + { + "name": "ADV-2007-2210", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2210" + }, + { + "name": "HPSBTU02218", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980" + }, + { + "name": "2007-0017", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0017/" + }, + { + "name": "1018049", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018049" + 
}, + { + "name": "USN-460-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-460-1" + }, + { + "name": "2701", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2701" + }, + { + "name": "25241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25241" + }, + { + "name": "MDKSA-2007:104", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:104" + }, + { + "name": "25256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25256" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1366", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1366" + }, + { + "name": "25259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25259" + }, + { + "name": "SSA:2007-134-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906" + }, + { + "name": "102964", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1" + }, + { + "name": "DSA-1291", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1291" + }, + { + "name": "20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468548/100/0/threaded" + }, + { + "name": "SSRT071424", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980" + }, + { + "name": "25232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25232" + }, + { + "name": "25251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25251" + }, + { + "name": "200588", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1" + }, + { + "name": "USN-460-2", + "refsource": "UBUNTU", 
+ "url": "http://www.ubuntu.com/usn/usn-460-2" + }, + { + "name": "25246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25246" + }, + { + "name": "34698", + "refsource": "OSVDB", + "url": "http://osvdb.org/34698" + }, + { + "name": "25255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25255" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2007-2444.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2007-2444.html" + }, + { + "name": "23974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23974" + }, + { + "name": "25675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25675" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0016.json b/2010/0xxx/CVE-2010-0016.json index 9f09bb92642..3c9845b2925 100644 --- a/2010/0xxx/CVE-2010-0016.json +++ b/2010/0xxx/CVE-2010-0016.json 
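Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in the CVE-2007-2444 hunk, while every other changed line there appears to be whitespace normalisation or a reordering of `reference_data`, so the one change of meaning is easy to overlook. The same kind of change is visible in CVE-2010-0016 (`"ASSIGNER": "secure@microsoft.com"`) and CVE-2010-0212 (`"ASSIGNER": "cert@cert.org"`). Any consumer that attributes records to a CNA by this field will see these records move, so the reassignment would be easier to audit in its own commit, or at least named in the commit message. The rewritten files also end without a trailing newline (`\ No newline at end of file`), which is worth restoring for files kept in version control.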
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka \"SMB Client Pool Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-006", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-006" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8278", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB client 
implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka \"SMB Client Pool Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8278", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8278" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "MS10-006", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-006" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0109.json b/2010/0xxx/CVE-2010-0109.json index 95ce7027d24..f0987dfe31c 100644 --- a/2010/0xxx/CVE-2010-0109.json +++ b/2010/0xxx/CVE-2010-0109.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00" - }, - { - "name" : "38410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38410" + }, + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0212.json b/2010/0xxx/CVE-2010-0212.json index 7344bd61ab0..1ffe5796954 100644 --- a/2010/0xxx/CVE-2010-0212.json +++ b/2010/0xxx/CVE-2010-0212.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-0212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515545/100/0/threaded" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : 
"http://www.vmware.com/security/advisories/VMSA-2011-0001.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201406-36", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml" - }, - { - "name" : "RHSA-2010:0542", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0542.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "41770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41770" - }, - { - "name" : "1024221", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024221" - }, - { - "name" : "40639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40639" - }, - { - "name" : "40687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40687" - }, - { - "name" : "42787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42787" - }, - { - "name" : "ADV-2010-1849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1849" - }, - { - "name" : "ADV-2010-1858", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1858" - }, - { - "name" : "ADV-2011-0025", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024221", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024221" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "GLSA-201406-36", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml" + }, + { + "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" + }, + { + "name": "ADV-2010-1858", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1858" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "ADV-2010-1849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1849" + }, + { + "name": "41770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41770" + }, + { + "name": 
"RHSA-2010:0542", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0542.html" + }, + { + "name": "40687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40687" + }, + { + "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "40639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40639" + }, + { + "name": "42787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42787" + }, + { + "name": "ADV-2011-0025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0025" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0556.json b/2010/0xxx/CVE-2010-0556.json index a35e7866c44..79b92eaf607 100644 --- a/2010/0xxx/CVE-2010-0556.json +++ b/2010/0xxx/CVE-2010-0556.json 
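Review bot: The `CVE_data_meta` block in this hunk changes `"ASSIGNER"` from `cve@mitre.org` to `cert@cert.org`, a provenance change that is easy to miss because every other line of the hunk is colon spacing, re-indentation or a reshuffle of `reference_data`. The same thing happens in the hunks for CVE-2010-0986 (`PSIRT-CNA@flexerasoftware.com`), CVE-2010-3652 (`psirt@adobe.com`) and CVE-2010-3709 (`secalert@redhat.com`), while the other records visible here keep `cve@mitre.org`. Consumers that attribute, filter or trust records by assigner will see these entries move to a different CNA, so the re-attribution is worth landing separately from the formatting pass, or at least listing in the commit description (not visible here). The new `reference_data` order follows no sort key that I can see from the hunk; emitting it in a stable order, for example by `refsource` then `name`, would keep later diffs limited to real changes.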
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100216 Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509543/100/0/threaded" - }, - { - "name" : "http://www.vsecurity.com/advisory/20100215-1.txt", - "refsource" : "MISC", - "url" : "http://www.vsecurity.com/advisory/20100215-1.txt" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=32718", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=32718" - }, - { - "name" : 
"http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "38177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38177" - }, - { - "name" : "62319", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62319" - }, - { - "name" : "oval:org.mitre.oval:def:14407", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14407" - }, - { - "name" : "1023583", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023583" - }, - { - "name" : "38545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38545" - }, - { - "name" : "ADV-2010-0361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0361" - }, - { - "name" : "googlechrome-dialogs-phishing(56216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38177" + }, + { + "name": "62319", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62319" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "1023583", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023583" + }, + { + "name": "ADV-2010-0361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0361" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=32718", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=32718" + }, + { + "name": "oval:org.mitre.oval:def:14407", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14407" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html" + }, + { + "name": "http://www.vsecurity.com/advisory/20100215-1.txt", + "refsource": "MISC", + "url": "http://www.vsecurity.com/advisory/20100215-1.txt" + }, + { + "name": "googlechrome-dialogs-phishing(56216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56216" + }, + { + "name": "38545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38545" + }, + { + "name": "20100216 Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509543/100/0/threaded" + } + ] + } 
+} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0986.json b/2010/0xxx/CVE-2010-0986.json index 4422cc38bce..04e679b2376 100644 --- a/2010/0xxx/CVE-2010-0986.json +++ b/2010/0xxx/CVE-2010-0986.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100512 Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511264/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-34/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-34/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html" - }, - { - "name" : "40086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40086" - }, - { - "name" : "oval:org.mitre.oval:def:6967", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6967" - }, - { - "name" : "38751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38751" - }, - { - "name" : "ADV-2010-1128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38751" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" + }, + { + "name": "http://secunia.com/secunia_research/2010-34/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-34/" + }, + { + "name": "ADV-2010-1128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1128" + }, + { + "name": "20100512 Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511264/100/0/threaded" + }, + { + "name": "40086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40086" + }, + { + "name": "oval:org.mitre.oval:def:6967", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6967" + } + ] + } +} \ No newline at end of 
file diff --git a/2010/1xxx/CVE-2010-1355.json b/2010/1xxx/CVE-2010-1355.json index 68516a28a6e..962dd4d97a4 100644 --- a/2010/1xxx/CVE-2010-1355.json +++ b/2010/1xxx/CVE-2010-1355.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf", - "refsource" : "CONFIRM", - "url" : "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf", + "refsource": "CONFIRM", + "url": "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3051.json b/2010/3xxx/CVE-2010-3051.json index b6545d5191a..be7bfc74b57 100644 --- a/2010/3xxx/CVE-2010-3051.json +++ b/2010/3xxx/CVE-2010-3051.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3051", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3051", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3121.json b/2010/3xxx/CVE-2010-3121.json index 691dd933f43..49c49cd456d 100644 --- a/2010/3xxx/CVE-2010-3121.json +++ b/2010/3xxx/CVE-2010-3121.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#278785", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/278785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#278785", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/278785" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/3xxx/CVE-2010-3652.json b/2010/3xxx/CVE-2010-3652.json index d0974552a04..d0869a08146 100644 --- a/2010/3xxx/CVE-2010-3652.json +++ b/2010/3xxx/CVE-2010-3652.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02663", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "SSRT100428", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "RHSA-2010:0829", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0829.html" - }, - { - "name" : "RHSA-2010:0834", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0834.html" - }, - { - "name" : "RHSA-2010:0867", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0867.html" - }, - { - "name" : 
"SUSE-SA:2010:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" - }, - { - "name" : "44687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44687" - }, - { - "name" : "oval:org.mitre.oval:def:11965", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11965" - }, - { - "name" : "oval:org.mitre.oval:def:15284", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15284" - }, - { - "name" : "42183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42183" - }, - { - "name" : "42926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42926" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-2903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2903" - }, - { - "name" : "ADV-2010-2906", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2906" - }, - { - "name" : "ADV-2010-2918", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2918" - }, - { - "name" : "ADV-2011-0173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0173" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different 
vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "42183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42183" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "ADV-2010-2918", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2918" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "44687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44687" + }, + { + "name": "RHSA-2010:0834", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html" + }, + { + "name": "SUSE-SA:2010:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" + }, + { + "name": "42926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42926" + }, + { + "name": "SSRT100428", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "ADV-2010-2903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2903" + }, + { + "name": "HPSBMA02663", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "ADV-2011-0173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0173" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" + }, + { + "name": "oval:org.mitre.oval:def:11965", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11965" + }, + { + "name": "ADV-2010-2906", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2906" + }, + { + "name": "RHSA-2010:0867", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html" + }, + { + "name": "oval:org.mitre.oval:def:15284", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15284" + }, + { + "name": "RHSA-2010:0829", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3709.json b/2010/3xxx/CVE-2010-3709.json index 63742c6fb6e..6e516e75d80 100644 --- a/2010/3xxx/CVE-2010-3709.json +++ b/2010/3xxx/CVE-2010-3709.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/90" - }, - { - "name" : "15431", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15431" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log", - "refsource" : "CONFIRM", - "url" : 
"http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/archive/2010.php#id2010-12-10-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2010.php#id2010-12-10-1" - }, - { - "name" : "http://www.php.net/releases/5_2_15.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_15.php" - }, - { - "name" : "http://www.php.net/releases/5_3_4.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_3_4.php" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "FEDORA-2010-18976", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" - }, - { - "name" : "FEDORA-2010-19011", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" - }, - { - "name" : "HPSBMA02662", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "SSRT100409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "MDVSA-2010:218", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218" - }, - { - "name" : "RHSA-2011:0195", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0195.html" - }, - { - "name" : "SSA:2010-357-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619" - }, - { - "name" : "USN-1042-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1042-1" - }, - { - "name" : "44718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44718" - }, - { - "name" : "1024690", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024690" - }, - { - "name" : "42729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42729" - }, - { - "name" : "42812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42812" - }, - { - "name" : "ADV-2010-3313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3313" - }, - { - "name" : "ADV-2011-0020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0020" - }, - { - "name" : "ADV-2011-0021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0021" - }, - { - "name" : "ADV-2011-0077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0077" + }, + { + "name": "FEDORA-2010-19011", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" + }, + { + "name": "42812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42812" + }, + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "HPSBMA02662", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "MDVSA-2010:218", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218" + }, + { + "name": "20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/90" + }, + { + "name": "RHSA-2011:0195", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0195.html" + }, + { + "name": "1024690", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024690" + }, + { + "name": "http://www.php.net/releases/5_3_4.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_3_4.php" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "USN-1042-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1042-1" + }, + { + "name": 
"15431", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15431" + }, + { + "name": "ADV-2011-0021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0021" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "SSA:2010-357-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619" + }, + { + "name": "ADV-2010-3313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3313" + }, + { + "name": "http://www.php.net/archive/2010.php#id2010-12-10-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2010.php#id2010-12-10-1" + }, + { + "name": "http://www.php.net/releases/5_2_15.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_15.php" + }, + { + "name": "SSRT100409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "FEDORA-2010-18976", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log" + }, + { + "name": "ADV-2011-0020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0020" + }, + { + "name": "42729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42729" + }, + { + "name": "44718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44718" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } 
+ ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3742.json b/2010/3xxx/CVE-2010-3742.json index 03efa7bfcc6..a1072d27ffc 100644 --- a/2010/3xxx/CVE-2010-3742.json +++ b/2010/3xxx/CVE-2010-3742.json 
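Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, but it sits inside a rewrite that otherwise only changes whitespace (`"key" : value` to `"key": value`, new indentation) and reorders `reference_data`, so the one substantive metadata change is easy to miss. The same assigner change appears in the CVE-2010-3842 and CVE-2014-0101 hunks, and at the start of the CVE-2014-0203 hunk, which continues outside this view. CVE-2010-3742, CVE-2010-4004, CVE-2010-4299 and CVE-2010-4938 keep `cve@mitre.org`. Anything downstream that uses the assigner for provenance or routing will see it change while the description stays the same and the references appear to be the same set in a new order, so the reformat and the assigner update would be easier to audit as separate commits. The new side also ends with `\ No newline at end of file`, whereas the old side's closing `}` carries no such marker, so the rewrite appears to drop the trailing newline, which is worth restoring.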
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14672", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14672/" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt" - }, - { - "name" : "67239", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67239" - }, - { - "name" : "41001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP 
remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14672", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14672/" + }, + { + "name": "41001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41001" + }, + { + "name": "http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt" + }, + { + "name": "67239", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67239" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3842.json b/2010/3xxx/CVE-2010-3842.json index 658db92abc3..a80ae60968e 100644 --- a/2010/3xxx/CVE-2010-3842.json +++ b/2010/3xxx/CVE-2010-3842.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \\ (backslash) as a separator of path components within the Content-disposition HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101013 CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/13/1" - }, - { - "name" : "[oss-security] 20101013 Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/13/5" - }, - { - "name" : "[oss-security] 20101013 Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by 
backslashes, when downloading files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/13/4" - }, - { - "name" : "http://curl.haxx.se/docs/adv_20101013.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20101013.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=642642", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=642642" - }, - { - "name" : "1024583", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024583" - }, - { - "name" : "39532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \\ (backslash) as a separator of path components within the Content-disposition HTTP header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://curl.haxx.se/docs/adv_20101013.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20101013.html" + }, + { + "name": "[oss-security] 20101013 Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/13/4" + }, + { + "name": "[oss-security] 20101013 Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/13/5" + }, + { + "name": "1024583", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024583" + }, + { + "name": "39532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39532" + }, + { + "name": "[oss-security] 20101013 CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/13/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642642", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642642" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4004.json b/2010/4xxx/CVE-2010-4004.json index 4c33209a05c..1539c6b186e 100644 --- a/2010/4xxx/CVE-2010-4004.json +++ b/2010/4xxx/CVE-2010-4004.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4004", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4004", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4299.json b/2010/4xxx/CVE-2010-4299.json index 476b484c055..ccb0d732cac 100644 --- a/2010/4xxx/CVE-2010-4299.json +++ b/2010/4xxx/CVE-2010-4299.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101107 ZDI-10-230: Novell ZENworks Handheld Management ZfHIPCND.exe Remote Code Execution Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=128916914213292&w=2" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-230/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-230/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007135", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7007135" - }, - { - "name" : "1024691", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024691" - }, - { - "name" : "42130", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/42130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101107 ZDI-10-230: Novell ZENworks Handheld Management ZfHIPCND.exe Remote Code Execution Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=128916914213292&w=2" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007135", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007135" + }, + { + "name": "1024691", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024691" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-230/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-230/" + }, + { + "name": "42130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42130" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4938.json b/2010/4xxx/CVE-2010-4938.json index 5ecaa4cfe79..51867b5610f 100644 --- a/2010/4xxx/CVE-2010-4938.json +++ b/2010/4xxx/CVE-2010-4938.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42455" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0101.json b/2014/0xxx/CVE-2014-0101.json index 7a03aa43545..d6c9e52b3f8 100644 --- a/2014/0xxx/CVE-2014-0101.json +++ b/2014/0xxx/CVE-2014-0101.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/04/6" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1070705", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1070705" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html" - }, - { - "name" : "RHSA-2014:0328", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0328.html" - }, - { - "name" : "RHSA-2014:0419", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0419.html" - }, - { - "name" : "RHSA-2014:0432", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0432.html" - }, - { - "name" : "USN-2173-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2173-1" - }, - { - "name" : "USN-2174-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2174-1" - }, - { - "name" : "65943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65943" - }, - { - "name" : "59216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an 
SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65943" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html" + }, + { + "name": "RHSA-2014:0328", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html" + }, + { + "name": "USN-2173-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2173-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729" + }, + { + "name": "RHSA-2014:0432", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0432.html" + }, + { + "name": "USN-2174-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2174-1" + }, + { + "name": "RHSA-2014:0419", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0419.html" + }, + { + "name": "59216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59216" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1070705", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070705" + }, + { + "name": "https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729" + }, + { + "name": "[oss-security] 20140304 CVE-2014-0101 -- Linux 
kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/04/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0203.json b/2014/0xxx/CVE-2014-0203.json index 2a20f98db90..93b80a7fcd4 100644 --- a/2014/0xxx/CVE-2014-0203.json +++ b/2014/0xxx/CVE-2014-0203.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=86acdca1b63e6890540fa19495cfc708beff3d8b", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=86acdca1b63e6890540fa19495cfc708beff3d8b" - }, - { - "name" : "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33", - "refsource" : "CONFIRM", - "url" : "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1094363", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1094363" - 
}, - { - "name" : "https://github.com/torvalds/linux/commit/86acdca1b63e6890540fa19495cfc708beff3d8b", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/86acdca1b63e6890540fa19495cfc708beff3d8b" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0771.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0771.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3043.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3043.html" - }, - { - "name" : "68125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68125" - }, - { - "name" : "59309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59309" - }, - { - "name" : "59262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59262" - }, - { - "name" : "59406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59406" - }, - { - "name" : "59560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59262" + }, + { + "name": "68125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68125" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=86acdca1b63e6890540fa19495cfc708beff3d8b", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=86acdca1b63e6890540fa19495cfc708beff3d8b" + }, + { + "name": "59309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59309" + }, + { + "name": "59406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59406" + }, + { + "name": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33", + "refsource": "CONFIRM", + "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" + }, + { + "name": "59560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59560" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3043.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094363", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094363" + }, + { + "name": "https://github.com/torvalds/linux/commit/86acdca1b63e6890540fa19495cfc708beff3d8b", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/86acdca1b63e6890540fa19495cfc708beff3d8b" + } + ] + } +} \ No newline at end of file 
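Review bot: The one value that appears to change in this hunk is `"ASSIGNER"`, from `cve@mitre.org` to `secalert@redhat.com`, and it is buried in a full-file rewrite of colon spacing and indentation that also shuffles the `reference_data` entries into a different order. The eleven references look like the same set on both sides, but a reader has to re-match every entry by hand to confirm that nothing was dropped or altered. I would land the formatting and ordering pass as one commit and the attribution change, `"ASSIGNER": "secalert@redhat.com",`, as its own, and keep the final newline that the new side drops (`\ No newline at end of file`). The sections for CVE-2014-4236, CVE-2014-8096 and CVE-2014-9420 also change `ASSIGNER` inside a full reformat.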
diff --git a/2014/0xxx/CVE-2014-0799.json b/2014/0xxx/CVE-2014-0799.json
index 6893d080b1a..8f868ed7f01 100644
--- a/2014/0xxx/CVE-2014-0799.json
+++ b/2014/0xxx/CVE-2014-0799.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-0799",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-0799",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4236.json b/2014/4xxx/CVE-2014-4236.json
index b4b9bcd3c35..f31e22de7d3 100644
--- a/2014/4xxx/CVE-2014-4236.json
+++ b/2014/4xxx/CVE-2014-4236.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - 
"refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689484", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689484" - }, - { - "name" : "68633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68633" - }, - { - "name" : "1030576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030576" - }, - { - "name" : "56910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56910" - }, - { - "name" : "62196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "56910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56910" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689484", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689484" + }, + { + "name": "68633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68633" + }, + { + "name": "1030576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030576" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "62196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62196" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4500.json b/2014/4xxx/CVE-2014-4500.json index 99b2f43f7ed..05a375a5eeb 100644 --- a/2014/4xxx/CVE-2014-4500.json +++ b/2014/4xxx/CVE-2014-4500.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4500",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-4500",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8096.json b/2014/8xxx/CVE-2014-8096.json
index ed68217ed12..7fc7e7b3274 100644
--- a/2014/8xxx/CVE-2014-8096.json
+++ b/2014/8xxx/CVE-2014-8096.json
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0532.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0532.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "DSA-3095", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3095" - }, - { - "name" : "GLSA-201504-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-06" - }, - { - "name" : "MDVSA-2015:119", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" - }, - { - "name" : "71598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71598" - }, - { - "name" : "62292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62292" - }, - { - "name" : "61947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3095", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3095" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0532.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0532.html" + }, + { + "name": "GLSA-201504-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-06" + }, + { + "name": "62292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62292" + }, + { + "name": "71598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71598" + }, + { + "name": "MDVSA-2015:119", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "61947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61947" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8182.json b/2014/8xxx/CVE-2014-8182.json index 0a5535470b8..809b5d41be1 100644 
--- a/2014/8xxx/CVE-2014-8182.json
+++ b/2014/8xxx/CVE-2014-8182.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8182",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8182",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8705.json b/2014/8xxx/CVE-2014-8705.json
index bc889a7d5e6..e83d7fa0f1a 100644
--- a/2014/8xxx/CVE-2014-8705.json
+++ b/2014/8xxx/CVE-2014-8705.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rossmarks.uk/portfolio.php", - "refsource" : "MISC", - "url" : "http://rossmarks.uk/portfolio.php" - }, - { - "name" : "http://rossmarks.uk/whitepapers/wonder_cms_2014.txt", - "refsource" : "MISC", - "url" : "http://rossmarks.uk/whitepapers/wonder_cms_2014.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rossmarks.uk/portfolio.php", + "refsource": "MISC", + "url": "http://rossmarks.uk/portfolio.php" + }, + { + "name": "http://rossmarks.uk/whitepapers/wonder_cms_2014.txt", + "refsource": "MISC", + "url": "http://rossmarks.uk/whitepapers/wonder_cms_2014.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9420.json b/2014/9xxx/CVE-2014-9420.json index 8422b0b8301..f5b3e97eb35 100644 --- a/2014/9xxx/CVE-2014-9420.json +++ b/2014/9xxx/CVE-2014-9420.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141225 Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/25/4" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1175235", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1175235" 
- }, - { - "name" : "https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "FEDORA-2015-0515", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html" - }, - { - "name" : "FEDORA-2015-0517", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html" - }, - { - "name" : "MDVSA-2015:058", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058" - }, - { - "name" : "RHSA-2015:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1081.html" - }, - { - "name" : "RHSA-2015:1137", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1137.html" - }, - { - "name" : "RHSA-2015:1138", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1138.html" - }, - { - "name" : "SUSE-SU-2015:0178", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html" - }, - { - "name" : "SUSE-SU-2015:0652", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "SUSE-SU-2015:0736", - "refsource" : "SUSE", 
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:0714", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html" - }, - { - "name" : "USN-2490-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2490-1" - }, - { - "name" : "USN-2492-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2492-1" - }, - { - "name" : "USN-2493-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2493-1" - }, - { - "name" : "USN-2515-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2515-1" - }, - { - "name" : "USN-2516-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2516-1" - }, - { - "name" : "USN-2517-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2517-1" - }, - { - "name" : "USN-2518-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2518-1" - }, - { - "name" : "USN-2491-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2491-1" - }, - { - "name" : "62801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-0517", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html" + }, + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "USN-2515-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2515-1" + }, + { + "name": "USN-2491-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2491-1" + }, + { + "name": "SUSE-SU-2015:0736", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" + }, + { + "name": "USN-2490-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2490-1" + }, + { + "name": "USN-2492-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2492-1" + }, + { + "name": "SUSE-SU-2015:0652", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d" + }, + { + "name": "62801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62801" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "SUSE-SU-2015:0178", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html" + }, + { + "name": "RHSA-2015:1138", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html" + }, + { + "name": "USN-2518-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2518-1" + }, + { + "name": "MDVSA-2015:058", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058" + }, + { + "name": "FEDORA-2015-0515", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html" + }, + { + "name": "USN-2493-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2493-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d" + }, + { + "name": "USN-2517-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2517-1" + }, + { + "name": "openSUSE-SU-2015:0714", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html" + }, + { + "name": "USN-2516-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2516-1" + }, + { + "name": "RHSA-2015:1137", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html" + }, + { + "name": "[oss-security] 20141225 Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/25/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1175235", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175235" + }, + { + "name": "RHSA-2015:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1081.html" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9495.json b/2014/9xxx/CVE-2014-9495.json index f279103ebd5..76cb7f5a966 100644 --- a/2014/9xxx/CVE-2014-9495.json +++ b/2014/9xxx/CVE-2014-9495.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/04/3" - }, - { - "name" : "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/p/png-mng/mailman/message/33173461/" - }, - { - "name" : "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/10/1" - }, - { - "name" : "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2015/01/10/3" - }, - { - "name" : "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/p/png-mng/mailman/message/33172831/" - }, - { - "name" : "https://support.apple.com/HT206167", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206167" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "APPLE-SA-2016-03-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" - }, - { - "name" : "71820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71820" - }, - { - "name" : "1031444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031444" - }, - { - "name" : "62725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150103 Re: CVE Request: libpng 1.6.15 Heap Overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" + }, + { + "name": "71820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71820" + }, + { + "name": "APPLE-SA-2016-03-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/HT206167", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206167" + }, + { + "name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available", + "refsource": "MLIST", + "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" + }, + { + "name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" + }, + { + "name": "[png-mng-implement] 20141221 Re: libpng-1.5.21rc02 and 1.6.16rc02 are available", + "refsource": "MLIST", + "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" + }, + { + "name": "1031444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031444" + }, + { + "name": "62725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62725" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/9xxx/CVE-2014-9515.json b/2014/9xxx/CVE-2014-9515.json
index 7e09cad599a..cb619481733 100644
--- a/2014/9xxx/CVE-2014-9515.json
+++ b/2014/9xxx/CVE-2014-9515.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pentestingforfunandprofit/research/tree/master/dozer-rce", - "refsource" : "MISC", - "url" : "https://github.com/pentestingforfunandprofit/research/tree/master/dozer-rce" - }, - { - "name" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", - "refsource" : "MISC", - "url" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf" - }, - { - "name" : "https://github.com/DozerMapper/dozer/issues/217", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/DozerMapper/dozer/issues/217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", + "refsource": "MISC", + "url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf" + }, + { + "name": "https://github.com/DozerMapper/dozer/issues/217", + "refsource": "CONFIRM", + "url": "https://github.com/DozerMapper/dozer/issues/217" + }, + { + "name": "https://github.com/pentestingforfunandprofit/research/tree/master/dozer-rce", + "refsource": "MISC", + "url": "https://github.com/pentestingforfunandprofit/research/tree/master/dozer-rce" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9747.json b/2014/9xxx/CVE-2014-9747.json index aa9b8ee1092..e52f30cd5c1 100644 --- a/2014/9xxx/CVE-2014-9747.json +++ b/2014/9xxx/CVE-2014-9747.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2014-9747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150911 CVE Request: 2 FreeType issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/11/4" - }, - { - "name" : "[oss-security] 20150925 Re: CVE Request: 2 FreeType issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/25/4" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?41309", - "refsource" : "MISC", - "url" : "https://savannah.nongnu.org/bugs/?41309" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/type42/t42parse.c?id=8b281f83e8516535756f92dbf90940ac44bd45e1", - "refsource" : "CONFIRM", - "url" : 
"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/type42/t42parse.c?id=8b281f83e8516535756f92dbf90940ac44bd45e1" - }, - { - "name" : "DSA-3370", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150911 CVE Request: 2 FreeType issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/11/4" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/type42/t42parse.c?id=8b281f83e8516535756f92dbf90940ac44bd45e1", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/type42/t42parse.c?id=8b281f83e8516535756f92dbf90940ac44bd45e1" + }, + { + "name": "[oss-security] 20150925 Re: CVE Request: 2 FreeType issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/25/4" + }, + { + "name": "https://savannah.nongnu.org/bugs/?41309", + "refsource": "MISC", + "url": "https://savannah.nongnu.org/bugs/?41309" + }, + { + "name": "DSA-3370", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3370" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9852.json b/2014/9xxx/CVE-2014-9852.json index 9d309fb000a..b67c047e8e0 100644 --- a/2014/9xxx/CVE-2014-9852.json +++ b/2014/9xxx/CVE-2014-9852.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343512" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563", + "refsource": "CONFIRM", + "url": 
"https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2327.json b/2016/2xxx/CVE-2016-2327.json index d601bd23c66..321ac9d88b7 100644 --- a/2016/2xxx/CVE-2016-2327.json +++ b/2016/2xxx/CVE-2016-2327.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589" - }, - { - "name" : "GLSA-201606-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-09" - }, - { - "name" : "1035010", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589" + }, + { + "name": "1035010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035010" + }, + { + "name": "GLSA-201606-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-09" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2858.json b/2016/2xxx/CVE-2016-2858.json index a6f17520f55..ef81f54db62 100644 --- a/2016/2xxx/CVE-2016-2858.json +++ b/2016/2xxx/CVE-2016-2858.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160304 CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/04/1" - }, - { - "name" : "[oss-security] 20160306 Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/07/4" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : 
"http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1314676", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1314676" - }, - { - "name" : "GLSA-201604-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-01" - }, - { - "name" : "USN-2974-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2974-1" - }, - { - "name" : "84134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160306 Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/07/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1314676", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314676" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956" + }, + { + "name": "GLSA-201604-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-01" + }, + { + "name": "84134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84134" + }, + { + "name": "USN-2974-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2974-1" + }, + { + "name": "[oss-security] 20160304 CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/04/1" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3124.json b/2016/3xxx/CVE-2016-3124.json index 04c02da2bd3..5c08b5bf9bc 100644 --- a/2016/3xxx/CVE-2016-3124.json +++ b/2016/3xxx/CVE-2016-3124.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://simplesamlphp.org/security/201603-01", - "refsource" : "CONFIRM", - "url" : "https://simplesamlphp.org/security/201603-01" - }, - { - "name" : "96134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96134" + }, + { + "name": "https://simplesamlphp.org/security/201603-01", + "refsource": "CONFIRM", + "url": "https://simplesamlphp.org/security/201603-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3451.json b/2016/3xxx/CVE-2016-3451.json index 31be42261c5..1c6b04bdb6f 100644 --- a/2016/3xxx/CVE-2016-3451.json +++ b/2016/3xxx/CVE-2016-3451.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "92022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92022" - }, - { - "name" : "1036408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ILOM component in Oracle 
Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036408" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "92022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92022" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3556.json b/2016/3xxx/CVE-2016-3556.json index b7b63fa5729..bdd5a4191ff 100644 --- a/2016/3xxx/CVE-2016-3556.json +++ b/2016/3xxx/CVE-2016-3556.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91941" - }, - { - "name" : "1036402", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91941" + }, + { + "name": "1036402", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036402" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3694.json b/2016/3xxx/CVE-2016-3694.json index d63d923938e..ceb7966d973 100644 --- a/2016/3xxx/CVE-2016-3694.json +++ b/2016/3xxx/CVE-2016-3694.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39710", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39710/" - }, - { - "name" : "http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the 
easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html" + }, + { + "name": "39710", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39710/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3865.json b/2016/3xxx/CVE-2016-3865.json index 7914e123782..8279ccfb2a2 100644 --- a/2016/3xxx/CVE-2016-3865.json +++ b/2016/3xxx/CVE-2016-3865.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "92871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92871" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + }, + { + "name": "92871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92871" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6018.json b/2016/6xxx/CVE-2016-6018.json index e63d532319b..b475ba23563 100644 --- a/2016/6xxx/CVE-2016-6018.json +++ b/2016/6xxx/CVE-2016-6018.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2016-6018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Contract Management", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0.0" - }, - { - "version_value" : "10.0.1.0" - }, - { - "version_value" : "10.0.2.0" - }, - { - "version_value" : "10.0.4.0" - }, - { - "version_value" : "10.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2016-6018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Contract Management", + "version": { + "version_data": [ + { + "version_value": "10.0.0.0" + }, + { + "version_value": "10.0.1.0" + }, + { + "version_value": "10.0.2.0" + }, + { + "version_value": "10.0.4.0" + }, + { + "version_value": "10.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005664", - 
"refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005664" - }, - { - "name" : "99624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005664", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005664" + }, + { + "name": "99624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99624" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6221.json b/2016/6xxx/CVE-2016-6221.json index 0c5658237b2..d1016d03d3d 100644 --- a/2016/6xxx/CVE-2016-6221.json +++ b/2016/6xxx/CVE-2016-6221.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6437.json b/2016/6xxx/CVE-2016-6437.json index ebdc0f1ca5f..792839738ef 100644 --- a/2016/6xxx/CVE-2016-6437.json +++ b/2016/6xxx/CVE-2016-6437.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)", + "version": { + "version_data": [ + { + "version_value": "Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas" - }, - { - "name" : "93524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93524" - }, - { - "name" : "1037002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037002" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas" + }, + { + "name": "93524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93524" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6906.json b/2016/6xxx/CVE-2016-6906.json index 5bbbf36d9a2..48195026bec 100644 --- a/2016/6xxx/CVE-2016-6906.json +++ b/2016/6xxx/CVE-2016-6906.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md" - }, - { - "name" : "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558" - }, - { - "name" : "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415" - }, - { - "name" : "DSA-3777", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3777" - }, - { - "name" : "96503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md" + }, + { + "name": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558" + }, + { + "name": "DSA-3777", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3777" + }, + { + "name": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415" + }, + { + "name": "96503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96503" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7148.json b/2016/7xxx/CVE-2016-7148.json index 53de2ec0d6d..8a5384a59f9 100644 --- a/2016/7xxx/CVE-2016-7148.json +++ b/2016/7xxx/CVE-2016-7148.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", - "refsource" : "MISC", - "url" : "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" - }, - { - "name" : "DSA-3715", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3715" - }, - { - "name" : "USN-3137-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3137-1" - }, - { - "name" : "94259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MoinMoin 1.9.8 allows 
remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3137-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3137-1" + }, + { + "name": "94259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94259" + }, + { + "name": "DSA-3715", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3715" + }, + { + "name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", + "refsource": "MISC", + "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7227.json b/2016/7xxx/CVE-2016-7227.json index 585bf6beb43..6dd03d14ed3 100644 --- a/2016/7xxx/CVE-2016-7227.json +++ b/2016/7xxx/CVE-2016-7227.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-129", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" - }, - { - "name" : "MS16-142", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142" - }, - { - "name" : "94065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94065" - }, - { - "name" : "1037245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-129", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" + }, + { + "name": "MS16-142", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142" + }, + { + "name": "94065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94065" + }, + { + "name": "1037245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037245" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7418.json b/2016/7xxx/CVE-2016-7418.json index 2cafbadd53b..741dfb55029 100644 --- a/2016/7xxx/CVE-2016-7418.json +++ b/2016/7xxx/CVE-2016-7418.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/15/10" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73065", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=73065" - }, 
- { - "name" : "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "93011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93011" - }, - { - "name" : "1036836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1" + }, + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "1036836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036836" + }, + { + "name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/15/10" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "93011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93011" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + }, + { + "name": "https://bugs.php.net/bug.php?id=73065", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=73065" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7920.json b/2016/7xxx/CVE-2016-7920.json index bb539ef2513..4c6f817f7eb 100644 --- a/2016/7xxx/CVE-2016-7920.json +++ b/2016/7xxx/CVE-2016-7920.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7920", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7920", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file