From 779be6ccf63f709dbc50c30cac5b0dfd04d5d58b Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 05:15:11 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0590.json | 140 +++----
2006/1xxx/CVE-2006-1212.json | 180 ++++-----
2006/1xxx/CVE-2006-1233.json | 200 +++++-----
2006/1xxx/CVE-2006-1441.json | 190 +++++-----
2006/5xxx/CVE-2006-5068.json | 190 +++++-----
2006/5xxx/CVE-2006-5337.json | 220 +++++------
2006/5xxx/CVE-2006-5563.json | 170 ++++-----
2007/2xxx/CVE-2007-2437.json | 210 +++++------
2007/2xxx/CVE-2007-2788.json | 690 +++++++++++++++++------------------
2007/2xxx/CVE-2007-2800.json | 160 ++++----
2007/2xxx/CVE-2007-2896.json | 190 +++++-----
2007/2xxx/CVE-2007-2920.json | 170 ++++-----
2010/0xxx/CVE-2010-0172.json | 170 ++++-----
2010/0xxx/CVE-2010-0355.json | 34 +-
2010/0xxx/CVE-2010-0909.json | 120 +++---
2010/1xxx/CVE-2010-1515.json | 150 ++++----
2010/3xxx/CVE-2010-3059.json | 150 ++++----
2010/3xxx/CVE-2010-3588.json | 170 ++++-----
2010/3xxx/CVE-2010-3886.json | 150 ++++----
2010/4xxx/CVE-2010-4228.json | 190 +++++-----
2010/4xxx/CVE-2010-4331.json | 160 ++++----
2010/4xxx/CVE-2010-4339.json | 120 +++---
2010/4xxx/CVE-2010-4646.json | 160 ++++----
2010/4xxx/CVE-2010-4812.json | 160 ++++----
2014/0xxx/CVE-2014-0394.json | 170 ++++-----
2014/0xxx/CVE-2014-0774.json | 140 +++----
2014/0xxx/CVE-2014-0821.json | 160 ++++----
2014/0xxx/CVE-2014-0823.json | 160 ++++----
2014/0xxx/CVE-2014-0885.json | 130 +++----
2014/4xxx/CVE-2014-4128.json | 160 ++++----
2014/4xxx/CVE-2014-4171.json | 250 ++++++-------
2014/4xxx/CVE-2014-4290.json | 130 +++----
2014/4xxx/CVE-2014-4687.json | 120 +++---
2014/4xxx/CVE-2014-4953.json | 34 +-
2014/8xxx/CVE-2014-8670.json | 140 +++----
2014/8xxx/CVE-2014-8779.json | 150 ++++----
2014/9xxx/CVE-2014-9746.json | 170 ++++-----
2014/9xxx/CVE-2014-9817.json | 150 ++++----
2014/9xxx/CVE-2014-9942.json | 130 +++----
2014/9xxx/CVE-2014-9965.json | 140 +++----
2016/3xxx/CVE-2016-3224.json | 34 +-
2016/3xxx/CVE-2016-3956.json | 170 ++++-----
2016/6xxx/CVE-2016-6347.json | 130 +++----
2016/6xxx/CVE-2016-6548.json | 162 ++++----
2016/6xxx/CVE-2016-6551.json | 152 ++++----
2016/6xxx/CVE-2016-6816.json | 350 +++++++++---------
2016/6xxx/CVE-2016-6980.json | 140 +++----
2016/7xxx/CVE-2016-7069.json | 160 ++++----
2016/7xxx/CVE-2016-7172.json | 140 +++----
2016/7xxx/CVE-2016-7250.json | 140 +++----
2016/7xxx/CVE-2016-7485.json | 34 +-
2016/7xxx/CVE-2016-7940.json | 170 ++++-----
2016/8xxx/CVE-2016-8346.json | 130 +++----
2016/8xxx/CVE-2016-8529.json | 142 +++----
2016/8xxx/CVE-2016-8740.json | 250 ++++++-------
2016/8xxx/CVE-2016-8973.json | 232 ++++++------
56 files changed, 4657 insertions(+), 4657 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0590.json b/2006/0xxx/CVE-2006-0590.json
index 8a504c269ac..21137be03d3 100644
--- a/2006/0xxx/CVE-2006-0590.json
+++ b/2006/0xxx/CVE-2006-0590.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423950/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-249.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-249.html" - }, - { - "name" : "413", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to 
invalid SQL syntax." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "413", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/413" + }, + { + "name": "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423950/100/0/threaded" + }, + { + "name": "http://kapda.ir/advisory-249.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-249.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1212.json b/2006/1xxx/CVE-2006-1212.json index 5a41b1c5295..427be98207a 100644 --- a/2006/1xxx/CVE-2006-1212.json +++ b/2006/1xxx/CVE-2006-1212.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a \"page\" parameter or variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 CoreNews 2.0.1 Remote Command Exucetion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427387/100/0/threaded" - }, - { - "name" : "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1", - "refsource" : "MISC", - "url" : "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1" - }, - { - "name" : "20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-March/000602.html" - }, - { - "name" : 
"17067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17067" - }, - { - "name" : "24080", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24080" - }, - { - "name" : "754", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/754" - }, - { - "name" : "corenews-index-command-execution(25180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a \"page\" parameter or variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1", + "refsource": "MISC", + "url": "http://web.archive.org/web/20050323212004/www.coreslawn.de/?show=downloads&cat_id=1" + }, + { + "name": "754", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/754" + }, + { + "name": "corenews-index-command-execution(25180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25180" + }, + { + "name": "20060309 CoreNews 2.0.1 Remote Command Exucetion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427387/100/0/threaded" + }, + { + "name": "17067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17067" + }, + { + "name": "24080", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24080" + }, + { + 
"name": "20060313 Oddness - CoreNews 2.0.1 Remote Command Exucetion", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-March/000602.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1233.json b/2006/1xxx/CVE-2006-1233.json index cba031fba67..690eacdc4d2 100644 --- a/2006/1xxx/CVE-2006-1233.json +++ b/2006/1xxx/CVE-2006-1233.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060312 WMNews Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427479/100/0/threaded" - }, - { - "name" : "http://biyosecurity.be/bugs/wmnews.txt", - "refsource" : "MISC", - "url" : "http://biyosecurity.be/bugs/wmnews.txt" - }, - { - "name" : "17076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17076" - }, - { - "name" : "ADV-2006-0939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0939" - }, - { - "name" : "23840", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23840" - }, - { - "name" : "23841", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/23841" - }, - { - "name" : "23842", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23842" - }, - { - "name" : "19204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19204" - }, - { - "name" : "wmnews-multiple-scripts-xss(25210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23840", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23840" + }, + { + "name": "http://biyosecurity.be/bugs/wmnews.txt", + "refsource": "MISC", + "url": "http://biyosecurity.be/bugs/wmnews.txt" + }, + { + "name": "23842", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23842" + }, + { + "name": "23841", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23841" + }, + { + "name": "19204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19204" + }, + { + "name": "17076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17076" + }, + { + "name": "ADV-2006-0939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0939" + }, + { + "name": "20060312 WMNews Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427479/100/0/threaded" + }, + { + "name": "wmnews-multiple-scripts-xss(25210)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25210" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1441.json b/2006/1xxx/CVE-2006-1441.json index b9c1d119b9f..5e8a02a0e12 100644 --- a/2006/1xxx/CVE-2006-1441.json +++ b/2006/1xxx/CVE-2006-1441.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25585", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25585" - }, - { - "name" : "1016082", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016082" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20077" - }, - { - "name" : "macos-cfnetwork-chunked-overlow(26406)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "1016082", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016082" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + }, + { + "name": "macos-cfnetwork-chunked-overlow(26406)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26406" + }, + { + "name": "25585", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25585" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5068.json b/2006/5xxx/CVE-2006-5068.json index 1511f25eaa0..6f6a88603ea 100644 --- a/2006/5xxx/CVE-2006-5068.json +++ b/2006/5xxx/CVE-2006-5068.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2432", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2432" - }, - { - "name" : "2433", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2433" - }, - { - "name" : "20192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20192" - }, - { - "name" : "ADV-2006-3773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3773" - }, - { - "name" : "29176", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29176" - }, - { - "name" : "22115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22115" - }, - { - "name" : "brudagb-index-file-include(29141)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29141" - }, - { - "name" : "brudanews-index-file-include(29142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "brudagb-index-file-include(29141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29141" + }, + { + "name": "2432", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2432" + }, + { + "name": "22115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22115" + }, + { + "name": "ADV-2006-3773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3773" + }, + { + "name": "29176", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29176" + }, + { + "name": "brudanews-index-file-include(29142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29142" + }, + { + "name": "2433", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2433" + }, + { + "name": "20192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20192" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5337.json b/2006/5xxx/CVE-2006-5337.json index 13f1c34fba0..e6ea7a78bc9 100644 --- a/2006/5xxx/CVE-2006-5337.json +++ b/2006/5xxx/CVE-2006-5337.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 Analysis of the Oracle October 2006 Critical Patch Update", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449110/100/0/threaded" - }, - { - "name" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf", + "refsource": "MISC", + "url": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf" + }, + { + "name": "20061018 Analysis of the Oracle October 2006 Critical Patch Update", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449110/100/0/threaded" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5563.json b/2006/5xxx/CVE-2006-5563.json index 1d7115ead52..29880ce4ca3 100644 --- a/2006/5xxx/CVE-2006-5563.json +++ b/2006/5xxx/CVE-2006-5563.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061025 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449667/100/0/threaded" - }, - { - "name" : "20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html" - }, - { - "name" : "20061026 Re: Yahoo! 
Messenger Service 18 Remote Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html" - }, - { - "name" : "20625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20625" - }, - { - "name" : "ADV-2006-4193", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4193" - }, - { - "name" : "22510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061026 Re: Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html" + }, + { + "name": "22510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22510" + }, + { + "name": "20625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20625" + }, + { + "name": "20061024 Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html" + }, + { + "name": "ADV-2006-4193", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4193" + }, + { + "name": "20061025 Re: Yahoo! 
Messenger Service 18 Remote Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449667/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2437.json b/2007/2xxx/CVE-2007-2437.json index 9c1c7f9a71f..2540f76e621 100644 --- a/2007/2xxx/CVE-2007-2437.json +++ b/2007/2xxx/CVE-2007-2437.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rapid7.com/advisories/R7-0027.jsp", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0027.jsp" - }, - { - "name" : "102901", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102901-1" - }, - { - "name" : "200067", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200067-1" - }, - { - "name" : "23741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23741" - }, - { - "name" : "ADV-2007-1601", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2007/1601" - }, - { - "name" : "ADV-2007-1658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1658" - }, - { - "name" : "34905", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34905" - }, - { - "name" : "1017984", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017984" - }, - { - "name" : "25121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25121" - }, - { - "name" : "xorg-xrender-dos(33976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rapid7.com/advisories/R7-0027.jsp", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0027.jsp" + }, + { + "name": "ADV-2007-1658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1658" + }, + { + "name": "ADV-2007-1601", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1601" + }, + { + "name": "34905", + "refsource": "OSVDB", + "url": "http://osvdb.org/34905" + }, + { + "name": "1017984", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017984" + }, + { + "name": "25121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25121" + }, + { + "name": "xorg-xrender-dos(33976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33976" + }, + { + "name": "23741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23741" + }, + { + "name": "200067", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200067-1" + }, + { + "name": "102901", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102901-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2788.json b/2007/2xxx/CVE-2007-2788.json index 61cd0b25c57..4fd0d3dc621 100644 --- a/2007/2xxx/CVE-2007-2788.json +++ b/2007/2xxx/CVE-2007-2788.json 
@@ -1,347 +1,347 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" - }, - { - "name" : "http://scary.beasts.org/security/CESA-2006-004.html", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2006-004.html" - }, - { - "name" : 
"http://docs.info.apple.com/article.html?artnum=307177", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307177" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" - }, - { - "name" : "APPLE-SA-2007-12-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" - }, - { - "name" : "BEA07-177.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/248" - }, - { - "name" : "GLSA-200705-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" - }, - { - "name" : "GLSA-200706-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-08.xml" - }, - { - "name" : "GLSA-200709-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" - }, - { - "name" : "GLSA-200804-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" - }, - { - "name" : "GLSA-200804-28", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml" - }, - { - "name" : "GLSA-200806-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" - }, - { - "name" : "RHSA-2007:0829", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0829.html" - }, - { - "name" : "RHSA-2007:0956", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0956.html" - }, - { - "name" : "RHSA-2007:1086", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2007-1086.html" - }, - { - "name" : "RHSA-2007:0817", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0817.html" - }, - { - "name" : "RHSA-2008:0100", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0100.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "RHSA-2008:0133", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0133.html" - }, - { - "name" : "102934", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" - }, - { - "name" : "200856", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" - }, - { - "name" : "SUSE-SA:2007:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html" - }, - { - "name" : "SUSE-SA:2007:056", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" - }, - { - "name" : "VU#138545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/138545" - }, - { - "name" : "20070703 Sun JDK Confusion", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-July/001696.html" - }, - { - "name" : "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-July/001697.html" - }, - { - "name" : "20070711 Sun JDK Confusion", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-July/001708.html" - }, - { - "name" : "20071218 Sun JDK Confusion Revisited", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-December/001862.html" - }, - { - "name" : "24004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24004" 
- }, - { - "name" : "24267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24267" - }, - { - "name" : "oval:org.mitre.oval:def:11700", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700" - }, - { - "name" : "ADV-2007-1836", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1836" - }, - { - "name" : "ADV-2007-3009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3009" - }, - { - "name" : "ADV-2007-4224", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4224" - }, - { - "name" : "ADV-2008-0065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0065" - }, - { - "name" : "1018182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018182" - }, - { - "name" : "25295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25295" - }, - { - "name" : "25474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25474" - }, - { - "name" : "25832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25832" - }, - { - "name" : "26049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26049" - }, - { - "name" : "26119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26119" - }, - { - "name" : "26369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26369" - }, - { - "name" : "26933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26933" - }, - { - "name" : "27203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27203" - }, - { - "name" : "27266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27266" - }, - { - "name" : "26645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26645" - }, - { - "name" : "28056", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/28056" - }, - { - "name" : "26311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26311" - }, - { - "name" : "26631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26631" - }, - { - "name" : "28115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28115" - }, - { - "name" : "28365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28365" - }, - { - "name" : "29340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29340" - }, - { - "name" : "29858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29858" - }, - { - "name" : "30780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30780" - }, - { - "name" : "30805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30805" - }, - { - "name" : "sunjava-iccprofile-overflow(34318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318" - }, - { - "name" : "sun-java-image-bo(34652)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26933" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307177", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307177" + }, + { + "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html" + }, + { + "name": "26049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26049" + }, + { + "name": "BEA07-177.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/248" + }, + { + "name": "26311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26311" + }, + { + "name": "20070703 Sun JDK Confusion", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html" + }, + { + "name": "sun-java-image-bo(34652)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652" + }, + { + "name": "200856", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1" + }, + { + "name": "http://scary.beasts.org/security/CESA-2006-004.html", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2006-004.html" + }, + { + "name": "30805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30805" + }, + { + "name": "ADV-2008-0065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0065" + }, + { + "name": "sunjava-iccprofile-overflow(34318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318" + }, + { + "name": "VU#138545", + "refsource": 
"CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/138545" + }, + { + "name": "GLSA-200705-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml" + }, + { + "name": "24004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24004" + }, + { + "name": "20071218 Sun JDK Confusion Revisited", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html" + }, + { + "name": "26369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26369" + }, + { + "name": "GLSA-200804-28", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" + }, + { + "name": "102934", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1" + }, + { + "name": "28056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28056" + }, + { + "name": "29858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29858" + }, + { + "name": "SUSE-SA:2007:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" + }, + { + "name": "ADV-2007-1836", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1836" + }, + { + "name": "APPLE-SA-2007-12-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" + }, + { + "name": "RHSA-2008:0100", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html" + }, + { + "name": "RHSA-2007:0956", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" + }, + { + "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" + }, + { + "name": "RHSA-2007:0817", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2007-0817.html" + }, + { + "name": "26645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26645" + }, + { + "name": "26119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26119" + }, + { + "name": "28365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28365" + }, + { + "name": "24267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24267" + }, + { + "name": "25832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25832" + }, + { + "name": "ADV-2007-4224", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4224" + }, + { + "name": "GLSA-200706-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml" + }, + { + "name": "30780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30780" + }, + { + "name": "25295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25295" + }, + { + "name": "ADV-2007-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3009" + }, + { + "name": "27266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27266" + }, + { + "name": "SUSE-SA:2007:056", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html" + }, + { + "name": "20070711 Sun JDK Confusion", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html" + }, + { + "name": "GLSA-200709-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" + }, + { + "name": "28115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28115" + }, + { + "name": "1018182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018182" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + 
"name": "29340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29340" + }, + { + "name": "25474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25474" + }, + { + "name": "RHSA-2007:1086", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html" + }, + { + "name": "27203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27203" + }, + { + "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html" + }, + { + "name": "GLSA-200804-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" + }, + { + "name": "GLSA-200806-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" + }, + { + "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" + }, + { + "name": "RHSA-2007:0829", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" + }, + { + "name": "26631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26631" + }, + { + "name": "oval:org.mitre.oval:def:11700", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700" + }, + { + "name": "RHSA-2008:0133", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2800.json b/2007/2xxx/CVE-2007-2800.json index 4d8b11b1b2c..a1e4274380d 100644 --- a/2007/2xxx/CVE-2007-2800.json +++ b/2007/2xxx/CVE-2007-2800.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472431/100/0/threaded" - }, - { - "name" : "20070627 eTicket version 1.5.5 Path Disclosure", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=118297850220633&w=2" - }, - { - "name" : "http://www.netvigilance.com/advisory0030", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0030" - }, - { - "name" : "34785", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34785" - }, - { - "name" : "eticket-index-path-disclosure(35122)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/35122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.netvigilance.com/advisory0030", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0030" + }, + { + "name": "20070627 eTicket version 1.5.5 Path Disclosure", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=118297850220633&w=2" + }, + { + "name": "eticket-index-path-disclosure(35122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122" + }, + { + "name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded" + }, + { + "name": "34785", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34785" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2896.json b/2007/2xxx/CVE-2007-2896.json index 2d78b384465..91a7bf8127b 100644 --- a/2007/2xxx/CVE-2007-2896.json +++ b/2007/2xxx/CVE-2007-2896.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html" - }, - { - "name" : "24123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24123" - }, - { - "name" : "ADV-2007-1940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1940" - }, - { - "name" : "35077", 
- "refsource" : "OSVDB", - "url" : "http://osvdb.org/35077" - }, - { - "name" : "1018120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018120" - }, - { - "name" : "25390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25390" - }, - { - "name" : "symantec-esm-dos(34507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24b.html" + }, + { + "name": "1018120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018120" + }, + { + "name": "ADV-2007-1940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1940" + }, + { + "name": "24123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24123" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html" + }, + { + "name": "25390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25390" + }, + { + "name": "symantec-esm-dos(34507)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34507" + }, + { + "name": "35077", + "refsource": "OSVDB", + "url": "http://osvdb.org/35077" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2920.json b/2007/2xxx/CVE-2007-2920.json index f2982ca055c..7dfa961d918 100644 --- a/2007/2xxx/CVE-2007-2920.json +++ b/2007/2xxx/CVE-2007-2920.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-2920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#174177", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/174177" - }, - { - "name" : "24421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24421" - }, - { - "name" : "ADV-2007-2142", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2142" - }, - { - "name" : "37207", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37207" - }, - { - "name" : "25625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25625" - }, - { - "name" : "zoomifyviewer-zactivex-bo(34825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zoomifyviewer-zactivex-bo(34825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34825" + }, + { + "name": "ADV-2007-2142", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2142" + }, + { + "name": "25625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25625" + }, + { + "name": "37207", + "refsource": "OSVDB", + "url": "http://osvdb.org/37207" + }, + { + "name": "24421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24421" + }, + { + "name": "VU#174177", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/174177" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0172.json b/2010/0xxx/CVE-2010-0172.json index 4a60ede71c2..4173106ca35 100644 --- a/2010/0xxx/CVE-2010-0172.json +++ b/2010/0xxx/CVE-2010-0172.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537862", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537862" - }, - { - "name" : "MDVSA-2010:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" - }, - { - "name" : "38918", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/38918" - }, - { - "name" : "oval:org.mitre.oval:def:8281", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281" - }, - { - "name" : "ADV-2010-0692", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38918" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html" + }, + { + "name": "oval:org.mitre.oval:def:8281", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281" + }, + { + "name": "MDVSA-2010:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" + }, + { + "name": "ADV-2010-0692", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0692" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=537862", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=537862" + } + ] + } +} \ 
No newline at end of file diff --git a/2010/0xxx/CVE-2010-0355.json b/2010/0xxx/CVE-2010-0355.json index cfee5012a4c..a25fe1fa77f 100644 --- a/2010/0xxx/CVE-2010-0355.json +++ b/2010/0xxx/CVE-2010-0355.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0355", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0355", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0909.json b/2010/0xxx/CVE-2010-0909.json index b8bb864b261..47de8e78c33 100644 --- a/2010/0xxx/CVE-2010-0909.json +++ b/2010/0xxx/CVE-2010-0909.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1515.json b/2010/1xxx/CVE-2010-1515.json index a5cf8d97b92..2d31a9babd1 100644 --- a/2010/1xxx/CVE-2010-1515.json +++ b/2010/1xxx/CVE-2010-1515.json 
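Review bot: The `"ASSIGNER"` line at the top of this hunk changes value from `cve@mitre.org` to `secalert_us@oracle.com`, and it is the only data change in a hunk that otherwise only re-spaces keys (`"key" : ` becomes `"key": `) and re-indents. The same reattribution is buried in the CVE-2007-2920 (`cert@cert.org`), CVE-2010-1515 (`PSIRT-CNA@flexerasoftware.com`) and CVE-2010-3588 (`secalert_us@oracle.com`) hunks, while the commit subject says only "-Synchronized-Data.". Consumers that key on the assigner should treat these as real record changes. Comparing the parsed JSON rather than the text would separate them from the formatting churn, as would landing the whitespace normalisation and the data updates in separate commits.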
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-1515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/148/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/148/45/" - }, - { - "name" : "http://secunia.com/secunia_research/2010-58/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-58/" - }, - { - "name" : "40544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40544" - }, - { - "name" : "39680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39680" + }, + { + "name": "40544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40544" + }, + { + "name": "http://secunia.com/secunia_research/2010-58/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-58/" + }, + { + "name": "http://holisticinfosec.org/content/view/148/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/148/45/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3059.json b/2010/3xxx/CVE-2010-3059.json index 4511dbb800b..aebb2de6148 100644 --- a/2010/3xxx/CVE-2010-3059.json +++ b/2010/3xxx/CVE-2010-3059.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820" - }, - { - "name" : "IC69883", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" - }, - { - "name" : "42549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42549" - }, - { - "name" : "41044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer 
overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820" + }, + { + "name": "41044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41044" + }, + { + "name": "IC69883", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" + }, + { + "name": "42549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42549" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3588.json b/2010/3xxx/CVE-2010-3588.json index 3421b6c645f..298d15a26db 100644 --- a/2010/3xxx/CVE-2010-3588.json +++ b/2010/3xxx/CVE-2010-3588.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 10.1.2.3, 11.1.1.2.0, and 11.1.1.3.0 allows remote authenticated users to affect confidentiality and integrity, related to EUL Code & Schema." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45858" - }, - { - "name" : "1024981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024981" - }, - { - "name" : "42994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42994" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - }, - { - "name" : 
"oracle-discoverer-eul-unauth-access(64774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 10.1.2.3, 11.1.1.2.0, and 11.1.1.3.0 allows remote authenticated users to affect confidentiality and integrity, related to EUL Code & Schema." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "42994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42994" + }, + { + "name": "1024981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024981" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "45858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45858" + }, + { + "name": "oracle-discoverer-eul-unauth-access(64774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64774" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3886.json b/2010/3xxx/CVE-2010-3886.json index 90217deb86f..505ac00b61d 100644 --- a/2010/3xxx/CVE-2010-3886.json +++ b/2010/3xxx/CVE-2010-3886.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100629 [0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html" - }, - { - "name" : "http://twitter.com/WisecWisec/statuses/17254776077", - "refsource" : "MISC", - "url" : "http://twitter.com/WisecWisec/statuses/17254776077" - }, - { - "name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630", - "refsource" : "MISC", - "url" : 
"http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630" - }, - { - "name" : "oval:org.mitre.oval:def:11606", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100629 [0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-06/0259.html" + }, + { + "name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630", + "refsource": "MISC", + "url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100630" + }, + { + "name": "http://twitter.com/WisecWisec/statuses/17254776077", + "refsource": "MISC", + "url": "http://twitter.com/WisecWisec/statuses/17254776077" + }, + { + "name": "oval:org.mitre.oval:def:11606", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11606" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4228.json b/2010/4xxx/CVE-2010-4228.json index 68aa8a04ed5..4548a23a8a0 100644 --- a/2010/4xxx/CVE-2010-4228.json 
+++ b/2010/4xxx/CVE-2010-4228.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25", - "refsource" : "MISC", - "url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-106/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-106/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=641249", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=641249" - }, - { - "name" : "46922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46922" - }, - { - "name" : "43824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43824" - }, - { - "name" : "8149", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8149" - }, - { - "name" : "netware-dele-bo(66170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25", + "refsource": "MISC", + "url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25" + }, + { + "name": "43824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43824" + }, + { + "name": "8149", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8149" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=641249", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=641249" + }, + { + "name": "46922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46922" + }, + { + "name": "netware-dele-bo(66170)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66170" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-106/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-106/" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3238588", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3238588" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4331.json b/2010/4xxx/CVE-2010-4331.json index 75637cefd70..d1cc9a4a70d 100644 --- a/2010/4xxx/CVE-2010-4331.json +++ b/2010/4xxx/CVE-2010-4331.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110115 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515768/100/0/threaded" - }, - { - "name" : "16000", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16000" - }, - { - "name" : "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/", - "refsource" : "MISC", - "url" : "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/" - }, - { - "name" : "45828", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/45828" - }, - { - "name" : "seopanel-sponsors-xss(64725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "seopanel-sponsors-xss(64725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64725" + }, + { + "name": "45828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45828" + }, + { + "name": "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/", + "refsource": "MISC", + "url": "http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/" + }, + { + "name": "16000", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16000" + }, + { + "name": "20110115 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515768/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4339.json b/2010/4xxx/CVE-2010-4339.json index aacbfd45335..065000292c2 100644 --- a/2010/4xxx/CVE-2010-4339.json +++ b/2010/4xxx/CVE-2010-4339.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4339",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2010-4339",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743",
- "refsource" : "MISC",
- "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743",
+ "refsource": "MISC",
+ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598743"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4646.json b/2010/4xxx/CVE-2010-4646.json
index 35b260aa708..8d90a7a7a34 100644
--- a/2010/4xxx/CVE-2010-4646.json
+++ b/2010/4xxx/CVE-2010-4646.json
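Review bot: The `ASSIGNER` value in the CVE-2010-4339 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, but it is buried in a rewrite of every line of the record for key spacing (`"key" : ` becomes `"key": `) and indentation, so the one provenance change is easy to miss in review. The same pattern shows up in the hunks for CVE-2010-4646, CVE-2014-0394, CVE-2014-0774, CVE-2014-0821, CVE-2014-0823, CVE-2014-0885 and CVE-2014-4128, and the commit subject does not mention it. Consumers that filter or attribute records by assigner will see a data change, so the formatting normalization and the assigner update would be better landed as separate commits, or at least named in the message, for example `Normalize JSON formatting; update ASSIGNER field`. The new side of each file also ends with `\ No newline at end of file`, and the `reference_data` entries are reordered with no sort key visible in the diff; both add churn to later syncs and look worth fixing in the serializer.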
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/05/3" - }, - { - "name" : "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/06/14" - }, - { - "name" : "http://www.hastymail.org/security/", - "refsource" : "CONFIRM", - "url" : "http://www.hastymail.org/security/" - }, - { - "name" : "43681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43681" - }, - { - "name" : "hastymail2-table-xss(64962)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/64962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hastymail.org/security/", + "refsource": "CONFIRM", + "url": "http://www.hastymail.org/security/" + }, + { + "name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/06/14" + }, + { + "name": "hastymail2-table-xss(64962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962" + }, + { + "name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/05/3" + }, + { + "name": "43681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43681" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4812.json b/2010/4xxx/CVE-2010-4812.json index a3f522cbb4f..70e310fd573 100644 --- a/2010/4xxx/CVE-2010-4812.json +++ b/2010/4xxx/CVE-2010-4812.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bbs.wolvez.org/viewtopic.php?id=180", - "refsource" : "MISC", - "url" : "http://bbs.wolvez.org/viewtopic.php?id=180" - }, - { - "name" : "http://www.6kbbs.net/view-487.html", - "refsource" : "MISC", - "url" : "http://www.6kbbs.net/view-487.html" - }, - { - "name" : "42204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42204" - }, - { - "name" : "6kbbs-ajaxadmin-sql-injection(63285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63285" - }, - { - "name" : "6kbbs-ajaxmember-sql-injection(63286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63286" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6kbbs-ajaxmember-sql-injection(63286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63286" + }, + { + "name": "http://www.6kbbs.net/view-487.html", + "refsource": "MISC", + "url": "http://www.6kbbs.net/view-487.html" + }, + { + "name": "42204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42204" + }, + { + "name": "6kbbs-ajaxadmin-sql-injection(63285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63285" + }, + { + "name": "http://bbs.wolvez.org/viewtopic.php?id=180", + "refsource": "MISC", + "url": "http://bbs.wolvez.org/viewtopic.php?id=180" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0394.json b/2014/0xxx/CVE-2014-0394.json index 30ecb842a22..e2fd67f39c5 100644 --- a/2014/0xxx/CVE-2014-0394.json +++ b/2014/0xxx/CVE-2014-0394.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64848" - }, - { - "name" : "102033", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102033" - }, - { - "name" : "1029623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029623" - }, - { - "name" : "56478", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/56478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102033", + "refsource": "OSVDB", + "url": "http://osvdb.org/102033" + }, + { + "name": "64848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64848" + }, + { + "name": "56478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56478" + }, + { + "name": "1029623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029623" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0774.json b/2014/0xxx/CVE-2014-0774.json index 8156d42ccac..3117e1d98bd 100644 --- a/2014/0xxx/CVE-2014-0774.json +++ b/2014/0xxx/CVE-2014-0774.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01" - }, - { - "name" : "65871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02" + }, + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01" + }, + { + "name": "65871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65871" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0821.json b/2014/0xxx/CVE-2014-0821.json index 96415974c8f..bdaedaf5c4e 100644 --- a/2014/0xxx/CVE-2014-0821.json +++ b/2014/0xxx/CVE-2014-0821.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/gr20140225up04.php", - "refsource" : "CONFIRM", - "url" : "http://cs.cybozu.co.jp/information/gr20140225up04.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/7993", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/7993" - }, - { - "name" : "JVN#71045461", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71045461/index.html" - }, - { - "name" : "JVNDB-2014-000024", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024" - }, - { - "name" : "65809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65809" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#71045461", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71045461/index.html" + }, + { + "name": "JVNDB-2014-000024", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/7993", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/7993" + }, + { + "name": "65809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65809" + }, + { + "name": "http://cs.cybozu.co.jp/information/gr20140225up04.php", + "refsource": "CONFIRM", + "url": "http://cs.cybozu.co.jp/information/gr20140225up04.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0823.json b/2014/0xxx/CVE-2014-0823.json index 69f83044aa1..26dda002e35 100644 --- a/2014/0xxx/CVE-2014-0823.json +++ b/2014/0xxx/CVE-2014-0823.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" - }, - { - "name" : "PI05324", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324" - }, - { - "name" : "67329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67329" - }, - { - "name" : "ibm-was-cve20140823-viewfiles(90498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90498" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" + }, + { + "name": "67329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67329" + }, + { + "name": "PI05324", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324" + }, + { + "name": "ibm-was-cve20140823-viewfiles(90498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90498" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0885.json b/2014/0xxx/CVE-2014-0885.json index 22d5f9203cf..c36749457b7 100644 --- a/2014/0xxx/CVE-2014-0885.json +++ b/2014/0xxx/CVE-2014-0885.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668124", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21668124" - }, - { - "name" : "ibm-lpms-cve20140885-csrf(91171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of 
unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21668124", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668124" + }, + { + "name": "ibm-lpms-cve20140885-csrf(91171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91171" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4128.json b/2014/4xxx/CVE-2014-4128.json index 7a742cd0c55..20bd7589cfc 100644 --- a/2014/4xxx/CVE-2014-4128.json +++ b/2014/4xxx/CVE-2014-4128.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141014 Microsoft Internet Explorer CImplAry Uninitialized Memory Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1076" - }, - { - "name" : "MS14-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" - }, - { - "name" : "70330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70330" - }, - { - "name" : "1031018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031018" - }, - { - "name" : "60968", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/60968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60968" + }, + { + "name": "70330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70330" + }, + { + "name": "20141014 Microsoft Internet Explorer CImplAry Uninitialized Memory Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1076" + }, + { + "name": "1031018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031018" + }, + { + "name": "MS14-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4171.json b/2014/4xxx/CVE-2014-4171.json index 7d05a4a2849..49bceb62d08 100644 --- a/2014/4xxx/CVE-2014-4171.json +++ b/2014/4xxx/CVE-2014-4171.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mm-commits] 20140617 + shmem-fix-faulting-into-a-hole-while-its-punched.patch added to -mm tree", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2" - }, - { - "name" : "[oss-security] 20140618 CVE-2014-4171 - Linux kernel mm/shmem.c denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/18/11" - }, - { - "name" : 
"http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch", - "refsource" : "CONFIRM", - "url" : "http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1111180", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1111180" - }, - { - "name" : "RHSA-2014:1318", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1318.html" - }, - { - "name" : "RHSA-2015:0102", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0102.html" - }, - { - "name" : "SUSE-SU-2014:1316", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" - }, - { - "name" : "SUSE-SU-2014:1319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" - }, - { - "name" : "USN-2334-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2334-1" - }, - { - "name" : "USN-2335-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2335-1" - }, - { - "name" : "68157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68157" - }, - { - "name" : "1030450", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030450" - }, - { - "name" : "59777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59777" - }, - { - "name" : "60564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system 
call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mm-commits] 20140617 + shmem-fix-faulting-into-a-hole-while-its-punched.patch added to -mm tree", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2" + }, + { + "name": "RHSA-2014:1318", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1111180", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111180" + }, + { + "name": "68157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68157" + }, + { + "name": "SUSE-SU-2014:1316", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" + }, + { + "name": "USN-2335-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2335-1" + }, + { + "name": "USN-2334-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2334-1" + }, + { + "name": "http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch", + "refsource": "CONFIRM", + "url": "http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch" + }, + { + "name": "SUSE-SU-2014:1319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" + }, + { + "name": "60564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60564" + }, + { + "name": "59777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59777" + }, + { + "name": "1030450", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1030450" + }, + { + "name": "[oss-security] 20140618 CVE-2014-4171 - Linux kernel mm/shmem.c denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/18/11" + }, + { + "name": "RHSA-2015:0102", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4290.json b/2014/4xxx/CVE-2014-4290.json index 6ca38325322..c6cb1e15b95 100644 --- a/2014/4xxx/CVE-2014-4290.json +++ b/2014/4xxx/CVE-2014-4290.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 
11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70501" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4687.json b/2014/4xxx/CVE-2014-4687.json index 88f7dba6c89..a5152cc580d 100644 --- a/2014/4xxx/CVE-2014-4687.json +++ b/2014/4xxx/CVE-2014-4687.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc", - "refsource" : "CONFIRM", - "url" : "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter 
to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc", + "refsource": "CONFIRM", + "url": "https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4953.json b/2014/4xxx/CVE-2014-4953.json index a28a9bd5369..2c76d2b04b3 100644 --- a/2014/4xxx/CVE-2014-4953.json +++ b/2014/4xxx/CVE-2014-4953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4953", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4953", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8670.json b/2014/8xxx/CVE-2014-8670.json index 937de92e393..2673eaeefc8 100644 --- a/2014/8xxx/CVE-2014-8670.json +++ b/2014/8xxx/CVE-2014-8670.json 
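Review bot: The rewritten CVE-2014-4953 record is serialized with a different key order from every other record visible in this part of the commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, where the others keep `CVE_data_meta` first with `ASSIGNER` ahead of `ID`. Key order carries no meaning in JSON, but the mismatch suggests REJECT records go through a second writer, and any consumer that hashes or textually diffs these files will see changes that are not there. The new side of this and the other rewritten files also ends with `\ No newline at end of file`, where the old side had a trailing newline. A single canonical writer that sorts keys and ends the file with a newline would remove both sources of churn.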
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html" - }, - { - "name" : "70906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70906" - }, - { - "name" : "vbulletin-go-open-redirect(98476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites 
and conduct phishing attacks via a URL in the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70906" + }, + { + "name": "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html" + }, + { + "name": "vbulletin-go-open-redirect(98476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98476" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8779.json b/2014/8xxx/CVE-2014-8779.json index cb632059ee5..1c38c4900a6 100644 --- a/2014/8xxx/CVE-2014-8779.json +++ b/2014/8xxx/CVE-2014-8779.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150129 CVE-2014-8779: SSH Host keys on Pexip Infinity", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534576/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html" - }, - { - "name" : "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf" - }, - { - "name" : "72359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72359" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html" + }, + { + "name": "20150129 CVE-2014-8779: SSH Host keys on Pexip Infinity", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534576/100/0/threaded" + }, + { + "name": "72359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72359" + }, + { + "name": "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf", + "refsource": "CONFIRM", + "url": "http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9746.json b/2014/9xxx/CVE-2014-9746.json index e4fb8c576d5..68866262b1b 100644 --- a/2014/9xxx/CVE-2014-9746.json +++ b/2014/9xxx/CVE-2014-9746.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2014-9746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150911 CVE Request: 2 FreeType issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/11/4" - }, - { - "name" : "[oss-security] 20150925 Re: CVE Request: 2 FreeType issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/25/4" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?41309", - "refsource" : "MISC", - "url" : "https://savannah.nongnu.org/bugs/?41309" - }, - { 
- "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3370", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150911 CVE Request: 2 FreeType issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/11/4" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1" + }, + { + "name": "[oss-security] 20150925 Re: CVE Request: 2 FreeType issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/25/4" + }, + { + "name": "https://savannah.nongnu.org/bugs/?41309", + "refsource": "MISC", + "url": "https://savannah.nongnu.org/bugs/?41309" + }, + { + "name": "DSA-3370", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3370" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9817.json b/2014/9xxx/CVE-2014-9817.json index 26cc4828bcf..ad13a5b1877 100644 --- a/2014/9xxx/CVE-2014-9817.json +++ b/2014/9xxx/CVE-2014-9817.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343473", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1343473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343473", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343473" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9942.json b/2014/9xxx/CVE-2014-9942.json index 0e248c3b483..a6f590e3a3e 100644 --- a/2014/9xxx/CVE-2014-9942.json +++ b/2014/9xxx/CVE-2014-9942.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Uninitialized Variable Vulnerability in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Uninitialized Variable Vulnerability in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98243" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9965.json b/2014/9xxx/CVE-2014-9965.json index 80a00a8f8e6..386b2743993 100644 --- a/2014/9xxx/CVE-2014-9965.json +++ b/2014/9xxx/CVE-2014-9965.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2014-9965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation Vulnerability in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2014-9965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation Vulnerability in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3224.json b/2016/3xxx/CVE-2016-3224.json index 6d591bf439d..62d8a62690f 100644 --- a/2016/3xxx/CVE-2016-3224.json +++ b/2016/3xxx/CVE-2016-3224.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3224", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3224", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3956.json b/2016/3xxx/CVE-2016-3956.json index aa32d809cd1..150e7c7153f 100644 --- a/2016/3xxx/CVE-2016-3956.json +++ b/2016/3xxx/CVE-2016-3956.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability", - "refsource" : "CONFIRM", - "url" : "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980827", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980827" - }, - { - "name" : "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29", - "refsource" : "CONFIRM", - "url" : "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29" - }, - { - "name" : 
"https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401", - "refsource" : "CONFIRM", - "url" : "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401" - }, - { - "name" : "https://github.com/npm/npm/issues/8380", - "refsource" : "CONFIRM", - "url" : "https://github.com/npm/npm/issues/8380" - }, - { - "name" : "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/npm/npm/issues/8380", + "refsource": "CONFIRM", + "url": "https://github.com/npm/npm/issues/8380" + }, + { + "name": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29", + "refsource": "CONFIRM", + "url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827" + }, + { + "name": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401", + "refsource": "CONFIRM", + "url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401" + }, + { + "name": 
"http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability", + "refsource": "CONFIRM", + "url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability" + }, + { + "name": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6347.json b/2016/6xxx/CVE-2016-6347.json index 7851ed74f5b..193e770769b 100644 --- a/2016/6xxx/CVE-2016-6347.json +++ b/2016/6xxx/CVE-2016-6347.json 
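Review bot: The six `reference_data` entries are re-emitted in a different order with no entry added, removed or altered, so a reader has to compare them by hand to rule out a changed URL. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would make a real addition, such as a new advisory or exploit reference, stand out in later syncs. The same content-neutral reordering appears in the CVE-2016-6347, CVE-2016-6548, CVE-2016-6551, CVE-2016-6816, CVE-2016-6980, CVE-2016-7069 and CVE-2016-7172 hunks.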
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372124", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1372124" - }, - { - "name" : "92759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92759" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1372124", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372124" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6548.json b/2016/6xxx/CVE-2016-6548.json index f0e28302081..a8c8b7bedec 100644 --- a/2016/6xxx/CVE-2016-6548.json +++ b/2016/6xxx/CVE-2016-6548.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6548", - "STATE" : "PUBLIC", - "TITLE" : "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tech Nut Mobile Application", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "Zizai Technology" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200: Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6548", + "STATE": "PUBLIC", + "TITLE": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tech Nut Mobile Application", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "Zizai Technology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" - }, - { - "name" : "VU#402847", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/402847" - }, - { - "name" : "93877", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/93877" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93877", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93877" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + }, + { + "name": "VU#402847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/402847" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6551.json b/2016/6xxx/CVE-2016-6551.json index 67c5bc2b196..f7713ebd904 100644 --- a/2016/6xxx/CVE-2016-6551.json +++ b/2016/6xxx/CVE-2016-6551.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6551", - "STATE" : "PUBLIC", - "TITLE" : "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Antennas", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "t-Series", - "version_value" : "1.07" - }, - { - "affected" : "=", - "version_name" : "v-Series", - "version_value" : "1.07" - } - ] - } - } - ] - }, - "vendor_name" : "Intellian Satellite TV" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-255" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6551", + "STATE": "PUBLIC", + "TITLE": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Antennas", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "t-Series", + "version_value": "1.07" + }, + { + "affected": "=", + "version_name": "v-Series", + "version_value": "1.07" + } + ] + } + } + ] + }, + "vendor_name": "Intellian Satellite TV" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#200907", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/200907" - }, - { - "name" : "93808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93808" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93808" + }, + { + "name": "VU#200907", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/200907" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file 
diff --git a/2016/6xxx/CVE-2016-6816.json b/2016/6xxx/CVE-2016-6816.json index 8b8970044e7..d499e9e72b1 100644 --- a/2016/6xxx/CVE-2016-6816.json +++ b/2016/6xxx/CVE-2016-6816.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-6816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.M1 to 9.0.0.M11" - }, - { - "version_value" : "8.5.0 to 8.5.6" - }, - { - "version_value" : "8.0.0.RC1 to 8.0.38" - }, - { - "version_value" : "7.0.0 to 7.0.72" - }, - { - "version_value" : "6.0.0 to 6.0.47" - }, - { - "version_value" : "Earlier, unsupported versions may also be affected." - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "character validation bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-6816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "9.0.0.M1 to 9.0.0.M11" + }, + { + "version_value": "8.5.0 to 8.5.6" + }, + { + "version_value": "8.0.0.RC1 to 8.0.38" + }, + { + "version_value": "7.0.0 to 7.0.72" + }, + { + "version_value": "6.0.0 to 6.0.47" + }, + { + "version_value": "Earlier, unsupported versions may also be affected." + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41783", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41783/" - }, - { - "name" : "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48", - "refsource" : "CONFIRM", - "url" : "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48" - }, - { - "name" : "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73", - "refsource" : "CONFIRM", - "url" : "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73" - }, - { - "name" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39", - "refsource" : "CONFIRM", - "url" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39" - }, - { - "name" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8", - "refsource" : "CONFIRM", - "url" : "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8" - }, - { - "name" : "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13", - "refsource" : "CONFIRM", - "url" : 
"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180607-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180607-0001/" - }, - { - "name" : "DSA-3738", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3738" - }, - { - "name" : "RHSA-2017:0244", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0244.html" - }, - { - "name" : "RHSA-2017:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0245.html" - }, - { - "name" : "RHSA-2017:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0246.html" - }, - { - "name" : "RHSA-2017:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0247.html" - }, - { - "name" : "RHSA-2017:0250", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0250.html" - }, - { - "name" : "RHSA-2017:0455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0455" - }, - { - "name" : "RHSA-2017:0456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0456" - }, - { - "name" : "RHSA-2017:0457", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html" - }, - { - "name" : "RHSA-2017:0527", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0527.html" - }, - { - "name" : "RHSA-2017:0935", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0935" - }, - { - "name" : "94461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94461" - }, - { - "name" : "1037332", - "refsource" : "SECTRACK", - "url" 
: "http://www.securitytracker.com/id/1037332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "character validation bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0250", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0250.html" + }, + { + "name": "41783", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41783/" + }, + { + "name": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39", + "refsource": "CONFIRM", + "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39" + }, + { + "name": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13", + "refsource": "CONFIRM", + "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13" + }, + { + "name": "94461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94461" + }, + { + "name": "DSA-3738", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3738" + }, + { + "name": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73", + "refsource": "CONFIRM", + "url": 
"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73" + }, + { + "name": "RHSA-2017:0244", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0244.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "RHSA-2017:0935", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0935" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180607-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180607-0001/" + }, + { + "name": "RHSA-2017:0457", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html" + }, + { + "name": "RHSA-2017:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0246.html" + }, + { + "name": "1037332", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037332" + }, + { + "name": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8", + "refsource": "CONFIRM", + "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8" + }, + { + "name": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48", + "refsource": "CONFIRM", + "url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48" + }, + { + "name": "RHSA-2017:0455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0455" + }, + { + "name": "RHSA-2017:0527", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0527.html" + }, + { + "name": "RHSA-2017:0245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0245.html" + }, + { + "name": "RHSA-2017:0456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0456" + }, + { + "name": "RHSA-2017:0247", + "refsource": 
"REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0247.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6980.json b/2016/6xxx/CVE-2016-6980.json index 02e715a9070..aa33ebb459c 100644 --- a/2016/6xxx/CVE-2016-6980.json +++ b/2016/6xxx/CVE-2016-6980.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html" - }, - { - "name" : "93179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93179" - }, - { - "name" : "1036793", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than 
CVE-2016-4263." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93179" + }, + { + "name": "1036793", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036793" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7069.json b/2016/7xxx/CVE-2016-7069.json index e0f3f02b92b..d96da9398a0 100644 --- a/2016/7xxx/CVE-2016-7069.json +++ b/2016/7xxx/CVE-2016-7069.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2016-7069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "dnsdist", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Open-Xchange" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "dnsdist", + "version": { + "version_data": [ + { + "version_value": "1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Open-Xchange" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069" - }, - { - "name" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html", - "refsource" : "CONFIRM", - "url" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html" - }, - { - "name" : "100509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069" + }, + { + "name": "100509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100509" + }, + { + "name": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html", + "refsource": "CONFIRM", + "url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7172.json b/2016/7xxx/CVE-2016-7172.json index 0c3281e19a2..df1a7f6a676 100644 --- a/2016/7xxx/CVE-2016-7172.json +++ b/2016/7xxx/CVE-2016-7172.json 
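Review bot: `"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"` puts the base score in front of the vector, so a consumer that parses CVSS v3 vectors (which begin with `CVSS:3.0/`) is likely to reject it or drop the score; the reformat carries the value over unchanged. I would store `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"` and move 5.9 into its own numeric field, if the schema in use provides one. Separately, `"version_value": "1.2.0"` names the release that the description treats as fixed ("before 1.2.0") and has no `affected` qualifier, so version matching on this record would presumably flag the patched release.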
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/NTAP-20161220-0001", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/NTAP-20161220-0001" - }, - { - "name" : "95069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95069" - }, - { - "name" : "1037530", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95069" + }, + { + "name": "https://kb.netapp.com/support/s/article/NTAP-20161220-0001", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/NTAP-20161220-0001" + }, + { + "name": "1037530", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037530" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7250.json b/2016/7xxx/CVE-2016-7250.json index 3e0dbb3a27e..a1af37f4261 100644 --- a/2016/7xxx/CVE-2016-7250.json +++ b/2016/7xxx/CVE-2016-7250.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka \"SQL RDBMS Engine Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-136", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" - }, - { - "name" : "94060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94060" - }, - { - "name" : "1037250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated 
users to gain privileges via unknown vectors, aka \"SQL RDBMS Engine Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037250" + }, + { + "name": "MS16-136", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" + }, + { + "name": "94060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94060" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7485.json b/2016/7xxx/CVE-2016-7485.json index 4ae0fc680d5..524aa636bc0 100644 --- a/2016/7xxx/CVE-2016-7485.json +++ b/2016/7xxx/CVE-2016-7485.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7485", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7485", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7940.json b/2016/7xxx/CVE-2016-7940.json index 49008d5d80f..2e34cd92094 100644 --- a/2016/7xxx/CVE-2016-7940.json 
+++ b/2016/7xxx/CVE-2016-7940.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8346.json b/2016/8xxx/CVE-2016-8346.json index 9add85132a2..0611610e79a 100644 --- a/2016/8xxx/CVE-2016-8346.json +++ b/2016/8xxx/CVE-2016-8346.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa EDR-810 Industrial Secure Router", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa EDR-810 Industrial Secure Router" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa EDR-810 Industrial Secure Router", + "version": { + "version_data": [ + { + "version_value": "Moxa EDR-810 Industrial Secure Router" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01" - }, - { - "name" : "93800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Moxa EDR-810 Industrial Secure 
Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93800" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8529.json b/2016/8xxx/CVE-2016-8529.json index ca786c17093..fd6dadee4d5 100644 --- a/2016/8xxx/CVE-2016-8529.json +++ b/2016/8xxx/CVE-2016-8529.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-01-31T00:00:00", - "ID" : "CVE-2016-8529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS", - "version" : { - "version_data" : [ - { - "version_value" : "LeftHand OS v12.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Arbitrary Command Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-01-31T00:00:00", + "ID": "CVE-2016-8529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS", + "version": { + "version_data": [ + { + "version_value": "LeftHand OS v12.5 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958" - }, - { - "name" : "95970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95970" - }, - { - "name" : 
"1037762", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Arbitrary Command Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037762", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037762" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958" + }, + { + "name": "95970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95970" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8740.json b/2016/8xxx/CVE-2016-8740.json index 328256a9490..efd4b684cea 100644 --- a/2016/8xxx/CVE-2016-8740.json +++ b/2016/8xxx/CVE-2016-8740.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-8740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.17 - 2.4.23" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-8740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.4.17 - 2.4.23" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40909", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40909/" - }, - { - "name" : "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html" - }, - { - "name" : "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-04", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-04" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180423-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180423-0001/" - }, - { - "name" : "GLSA-201701-36", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-36" - }, - { - "name" : "RHSA-2017:1161", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1161" - }, - { - "name" : "RHSA-2017:1413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1413" - }, - { - "name" : "RHSA-2017:1414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1414" - }, - { - "name" : "RHSA-2017:1415", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html" - }, - { - "name" : "94650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94650" - }, - { - "name" : "1037388", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote 
attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3", + "refsource": "CONFIRM", + "url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3" + }, + { + "name": "1037388", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037388" + }, + { + "name": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html" + }, + { + "name": "RHSA-2017:1413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1413" + }, + { + "name": "RHSA-2017:1161", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1161" + }, + { + "name": "https://www.tenable.com/security/tns-2017-04", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-04" + }, + { + "name": "RHSA-2017:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1414" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" + }, + { + "name": "40909", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40909/" + }, + { + "name": "RHSA-2017:1415", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" 
+ }, + { + "name": "94650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94650" + }, + { + "name": "GLSA-201701-36", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-36" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180423-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180423-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8973.json b/2016/8xxx/CVE-2016-8973.json index 2873ad888ff..15a8703db11 100644 --- a/2016/8xxx/CVE-2016-8973.json +++ b/2016/8xxx/CVE-2016-8973.json 
@@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Rhapsody Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.2" - }, - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "3" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Rhapsody Design Manager", + "version": { + "version_data": [ + { + "version_value": "4.0.2" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.0.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "3" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999960", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999960" - }, - { - "name" : "96826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96826" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999960", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999960" + } + ] + } +} \ No newline at end of file