From 84d6d4bb00be0573f125c1f9dbaf6348d0471839 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:50:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1084.json | 190 ++++++++++++------------- 2006/1xxx/CVE-2006-1798.json | 190 ++++++++++++------------- 2006/1xxx/CVE-2006-1971.json | 190 ++++++++++++------------- 2006/5xxx/CVE-2006-5013.json | 190 ++++++++++++------------- 2006/5xxx/CVE-2006-5157.json | 200 +++++++++++++-------------- 2006/5xxx/CVE-2006-5158.json | 260 +++++++++++++++++------------------ 2006/5xxx/CVE-2006-5184.json | 170 +++++++++++------------ 2006/5xxx/CVE-2006-5483.json | 150 ++++++++++---------- 2007/2xxx/CVE-2007-2047.json | 130 +++++++++--------- 2007/2xxx/CVE-2007-2223.json | 220 ++++++++++++++--------------- 2007/2xxx/CVE-2007-2364.json | 160 ++++++++++----------- 2007/2xxx/CVE-2007-2526.json | 190 ++++++++++++------------- 2007/2xxx/CVE-2007-2594.json | 170 +++++++++++------------ 2010/0xxx/CVE-2010-0221.json | 220 ++++++++++++++--------------- 2010/0xxx/CVE-2010-0447.json | 200 +++++++++++++-------------- 2010/0xxx/CVE-2010-0469.json | 160 ++++++++++----------- 2010/0xxx/CVE-2010-0619.json | 140 +++++++++---------- 2010/1xxx/CVE-2010-1379.json | 170 +++++++++++------------ 2010/1xxx/CVE-2010-1754.json | 150 ++++++++++---------- 2010/1xxx/CVE-2010-1803.json | 140 +++++++++---------- 2010/1xxx/CVE-2010-1937.json | 160 ++++++++++----------- 2010/4xxx/CVE-2010-4419.json | 170 +++++++++++------------ 2010/4xxx/CVE-2010-4601.json | 130 +++++++++--------- 2010/4xxx/CVE-2010-4963.json | 180 ++++++++++++------------ 2010/5xxx/CVE-2010-5328.json | 210 ++++++++++++++-------------- 2014/0xxx/CVE-2014-0587.json | 120 ++++++++-------- 2014/1xxx/CVE-2014-1258.json | 120 ++++++++-------- 2014/1xxx/CVE-2014-1635.json | 180 ++++++++++++------------ 2014/1xxx/CVE-2014-1929.json | 150 ++++++++++---------- 2014/4xxx/CVE-2014-4341.json | 260 +++++++++++++++++------------------ 2014/4xxx/CVE-2014-4369.json | 190 ++++++++++++------------- 2014/4xxx/CVE-2014-4664.json | 170 +++++++++++------------ 2014/4xxx/CVE-2014-4861.json | 120 ++++++++-------- 2014/4xxx/CVE-2014-4889.json | 140 +++++++++---------- 2014/4xxx/CVE-2014-4891.json | 140 +++++++++---------- 2014/9xxx/CVE-2014-9533.json | 34 ++--- 2016/3xxx/CVE-2016-3416.json | 140 +++++++++---------- 2016/3xxx/CVE-2016-3455.json | 140 +++++++++---------- 2016/3xxx/CVE-2016-3531.json | 150 ++++++++++---------- 2016/3xxx/CVE-2016-3665.json | 34 ++--- 2016/3xxx/CVE-2016-3981.json | 180 ++++++++++++------------ 2016/6xxx/CVE-2016-6676.json | 140 +++++++++---------- 2016/7xxx/CVE-2016-7720.json | 34 ++--- 2016/7xxx/CVE-2016-7742.json | 120 ++++++++-------- 2016/7xxx/CVE-2016-7857.json | 180 ++++++++++++------------ 2016/8xxx/CVE-2016-8088.json | 34 ++--- 2016/8xxx/CVE-2016-8535.json | 122 ++++++++-------- 2016/9xxx/CVE-2016-9494.json | 184 ++++++++++++------------- 2016/9xxx/CVE-2016-9810.json | 180 ++++++++++++------------ 49 files changed, 3851 insertions(+), 3851 deletions(-) diff --git a/2006/1xxx/CVE-2006-1084.json b/2006/1xxx/CVE-2006-1084.json index c2aabc99050..68229b76134 100644 --- a/2006/1xxx/CVE-2006-1084.json +++ b/2006/1xxx/CVE-2006-1084.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060304 PHP-Stats <= 0.1.9.1 remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426762/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/php_stats_0191_adv.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/php_stats_0191_adv.html" - }, - { - "name" : "20060322 Re: PHP-Stats <= 0.1.9.1 remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428614/100/0/threaded" - }, - { - "name" : "http://www.phpstats.net/forum/viewtopic.php?t=140", - "refsource" : "MISC", - "url" : "http://www.phpstats.net/forum/viewtopic.php?t=140" - }, - { - "name" : "20060327 Re: PHP-Stats <= 0.1.9.1 remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429145/100/0/threaded" - }, - { - "name" : "16963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16963" - }, - { - "name" : "ADV-2006-0822", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0822" - }, - { - "name" : "19116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0822", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0822" + }, + { + "name": "20060322 Re: PHP-Stats <= 0.1.9.1 remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded" + }, + { + "name": "http://retrogod.altervista.org/php_stats_0191_adv.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/php_stats_0191_adv.html" + }, + { + "name": "20060304 PHP-Stats <= 0.1.9.1 remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded" + }, + { + "name": "20060327 Re: PHP-Stats <= 0.1.9.1 remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded" + }, + { + "name": "19116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19116" + }, + { + "name": "16963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16963" + }, + { + "name": "http://www.phpstats.net/forum/viewtopic.php?t=140", + "refsource": "MISC", + "url": "http://www.phpstats.net/forum/viewtopic.php?t=140" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1798.json b/2006/1xxx/CVE-2006-1798.json index 585d2b68484..ef62a9aa8f8 100644 --- a/2006/1xxx/CVE-2006-1798.json +++ b/2006/1xxx/CVE-2006-1798.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote attackers to execute arbitrary SQL commands via the rateit_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060424 [eVuln] RateIt SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431859/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/124/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/124/summary.html" - }, - { - "name" : "17518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17518" - }, - { - "name" : "ADV-2006-1358", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1358" - }, - { - "name" : "24622", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24622" - }, - { - "name" : "1015983", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015983" - }, - { - "name" : "19637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19637" - }, - { - "name" : "rateit-rateit-sql-injection(25801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote attackers to execute arbitrary SQL commands via the rateit_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rateit-rateit-sql-injection(25801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25801" + }, + { + "name": "20060424 [eVuln] RateIt SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431859/100/0/threaded" + }, + { + "name": "http://evuln.com/vulns/124/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/124/summary.html" + }, + { + "name": "17518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17518" + }, + { + "name": "1015983", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015983" + }, + { + "name": "ADV-2006-1358", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1358" + }, + { + "name": "24622", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24622" + }, + { + "name": "19637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19637" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1971.json b/2006/1xxx/CVE-2006-1971.json index 657462a6ee1..5faf98cc5a2 100644 --- a/2006/1xxx/CVE-2006-1971.json +++ b/2006/1xxx/CVE-2006-1971.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060419 ContentBoxx Login.php Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431386/100/0/threaded" - }, - { - "name" : "17612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17612" - }, - { - "name" : "ADV-2006-1438", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1438" - }, - { - "name" : "24768", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24768" - }, - { - "name" : "19733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19733" - }, - { - "name" : "740", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/740" - }, - { - "name" : "779", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/779" - }, - { - "name" : "contentboxx-login-xss(25952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "779", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/779" + }, + { + "name": "24768", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24768" + }, + { + "name": "ADV-2006-1438", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1438" + }, + { + "name": "20060419 ContentBoxx Login.php Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431386/100/0/threaded" + }, + { + "name": "19733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19733" + }, + { + "name": "17612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17612" + }, + { + "name": "740", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/740" + }, + { + "name": "contentboxx-login-xss(25952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25952" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5013.json b/2006/5xxx/CVE-2006-5013.json index 4fc87e8cf94..3e8b39334d5 100644 --- a/2006/5xxx/CVE-2006-5013.json +++ b/2006/5xxx/CVE-2006-5013.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm" - }, - { - "name" : "102568", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102568-1" - }, - { - "name" : "20195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20195" - }, - { - "name" : "ADV-2006-3767", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3767" - }, - { - "name" : "oval:org.mitre.oval:def:1893", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1893" - }, - { - "name" : "1016930", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016930" - }, - { - "name" : "22103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22103" - }, - { - "name" : "solaris-ipv6-dos(29150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3767", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3767" + }, + { + "name": "oval:org.mitre.oval:def:1893", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1893" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm" + }, + { + "name": "20195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20195" + }, + { + "name": "102568", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102568-1" + }, + { + "name": "1016930", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016930" + }, + { + "name": "solaris-ipv6-dos(29150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29150" + }, + { + "name": "22103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22103" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5157.json b/2006/5xxx/CVE-2006-5157.json index 7050e4e48cd..431946595b4 100644 --- a/2006/5xxx/CVE-2006-5157.json +++ b/2006/5xxx/CVE-2006-5157.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console's Remote Client Install name search\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447498/100/0/threaded" - }, - { - "name" : "http://www.layereddefense.com/TREND01OCT.html", - "refsource" : "MISC", - "url" : "http://www.layereddefense.com/TREND01OCT.html" - }, - { - "name" : "VU#788860", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/788860" - }, - { - "name" : "20284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20284" - }, - { - "name" : "ADV-2006-3870", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3870" - }, - { - "name" : "1016963", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016963" - }, - { - "name" : "22224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22224" - }, - { - "name" : "1682", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1682" - }, - { - "name" : "officescan-atxconsole-format-string(29308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console's Remote Client Install name search\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.layereddefense.com/TREND01OCT.html", + "refsource": "MISC", + "url": "http://www.layereddefense.com/TREND01OCT.html" + }, + { + "name": "ADV-2006-3870", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3870" + }, + { + "name": "officescan-atxconsole-format-string(29308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308" + }, + { + "name": "1016963", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016963" + }, + { + "name": "VU#788860", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/788860" + }, + { + "name": "20284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20284" + }, + { + "name": "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447498/100/0/threaded" + }, + { + "name": "1682", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1682" + }, + { + "name": "22224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22224" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5158.json b/2006/5xxx/CVE-2006-5158.json index c201420f3e2..63b3ac23af6 100644 --- a/2006/5xxx/CVE-2006-5158.json +++ b/2006/5xxx/CVE-2006-5158.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20051216 lockd: couldn't create RPC handle for (host)", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=113476665626446&w=2" - }, - { - "name" : "[linux-kernel] 20051218 Re: lockd: couldn't create RPC handle for (host)", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=113494474208973&w=2" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm" - }, - { - "name" : "MDKSA-2007:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" - }, - { - "name" : "RHSA-2007:0488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0488.html" - }, - { - "name" : "SUSE-SA:2006:057", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_57_kernel.html" - }, - { - "name" : "USN-395-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-395-1" - }, - { - "name" : "21581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21581" - }, - { - "name" : "oval:org.mitre.oval:def:10128", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10128" - }, - { - "name" : "23361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23361" - }, - { - "name" : "23384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23384" - }, - { - "name" : "23752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23752" - }, - { - "name" : "25838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25838" - }, - { - "name" : "26289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10128", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10128" + }, + { + "name": "[linux-kernel] 20051218 Re: lockd: couldn't create RPC handle for (host)", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=113494474208973&w=2" + }, + { + "name": "23361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23361" + }, + { + "name": "26289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26289" + }, + { + "name": "MDKSA-2007:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" + }, + { + "name": "25838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25838" + }, + { + "name": "23384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23384" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0" + }, + { + "name": "[linux-kernel] 20051216 lockd: couldn't create RPC handle for (host)", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=113476665626446&w=2" + }, + { + "name": "23752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23752" + }, + { + "name": "21581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21581" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm" + }, + { + "name": "USN-395-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-395-1" + }, + { + "name": "RHSA-2007:0488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0488.html" + }, + { + "name": "SUSE-SA:2006:057", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_57_kernel.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5184.json b/2006/5xxx/CVE-2006-5184.json index f2522b43150..1dfcd66bc3e 100644 --- a/2006/5xxx/CVE-2006-5184.json +++ b/2006/5xxx/CVE-2006-5184.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.pkrinternet.com/taskjitsu/task/3517", - "refsource" : "CONFIRM", - "url" : "https://www.pkrinternet.com/taskjitsu/task/3517" - }, - { - "name" : "https://www.pkrinternet.com/download/RELEASE-NOTES.txt", - "refsource" : "CONFIRM", - "url" : "https://www.pkrinternet.com/download/RELEASE-NOTES.txt" - }, - { - "name" : "20332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20332" - }, - { - "name" : "ADV-2006-3903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3903" - }, - { - "name" : "1016978", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016978" - }, - { - "name" : "22257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.pkrinternet.com/taskjitsu/task/3517", + "refsource": "CONFIRM", + "url": "https://www.pkrinternet.com/taskjitsu/task/3517" + }, + { + "name": "1016978", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016978" + }, + { + "name": "20332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20332" + }, + { + "name": "22257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22257" + }, + { + "name": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt", + "refsource": "CONFIRM", + "url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt" + }, + { + "name": "ADV-2006-3903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3903" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5483.json b/2006/5xxx/CVE-2006-5483.json index 5c957db700d..2438e00b5d2 100644 --- a/2006/5xxx/CVE-2006-5483.json +++ b/2006/5xxx/CVE-2006-5483.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[freebsd-cvs-src] 20060520 cvs commit: src/sys/posix4 p1003_1b.c", - "refsource" : "MLIST", - "url" : "http://lists.freebsd.org/pipermail/cvs-src/2006-May/063969.html" - }, - { - "name" : "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/posix4/p1003_1b.c.diff?r1=1.24&r2=1.24.2.1", - "refsource" : "CONFIRM", - "url" : "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/posix4/p1003_1b.c.diff?r1=1.24&r2=1.24.2.1" - }, - { - "name" : "20517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20517" - }, - { - "name" : "22413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[freebsd-cvs-src] 20060520 cvs commit: src/sys/posix4 p1003_1b.c", + "refsource": "MLIST", + "url": "http://lists.freebsd.org/pipermail/cvs-src/2006-May/063969.html" + }, + { + "name": "22413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22413" + }, + { + "name": "20517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20517" + }, + { + "name": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/posix4/p1003_1b.c.diff?r1=1.24&r2=1.24.2.1", + "refsource": "CONFIRM", + "url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/posix4/p1003_1b.c.diff?r1=1.24&r2=1.24.2.1" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2047.json b/2007/2xxx/CVE-2007-2047.json index cd5aeb5ba99..9be47fc64d1 100644 --- a/2007/2xxx/CVE-2007-2047.json +++ b/2007/2xxx/CVE-2007-2047.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.openads.org/index.php?showtopic=503413399&pid=39136", - "refsource" : "CONFIRM", - "url" : "http://forum.openads.org/index.php?showtopic=503413399&pid=39136" - }, - { - "name" : "ADV-2007-1365", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.openads.org/index.php?showtopic=503413399&pid=39136", + "refsource": "CONFIRM", + "url": "http://forum.openads.org/index.php?showtopic=503413399&pid=39136" + }, + { + "name": "ADV-2007-1365", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1365" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2223.json b/2007/2xxx/CVE-2007-2223.json index 2b9e356a3ba..28211e5b71c 100644 --- a/2007/2xxx/CVE-2007-2223.json +++ b/2007/2xxx/CVE-2007-2223.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-2223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576" - }, - { - "name" : "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476527/100/0/threaded" - }, - { - "name" : "20070816 MS07-042 XMLDOM substringData() PoC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476747/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-048/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-048/" - }, - { - "name" : "MS07-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042" - }, - { - "name" : "VU#361968", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/361968" - }, - { - "name" : "25301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25301" - }, - { - "name" : "ADV-2007-2866", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2866" - }, - { - "name" : "oval:org.mitre.oval:def:2069", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069" - }, - { - "name" : "1018559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018559" - }, - { - "name" : "26447", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#361968", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/361968" + }, + { + "name": "1018559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018559" + }, + { + "name": "20070816 MS07-042 XMLDOM substringData() PoC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476747/100/0/threaded" + }, + { + "name": "20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576" + }, + { + "name": "ADV-2007-2866", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2866" + }, + { + "name": "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded" + }, + { + "name": "25301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25301" + }, + { + "name": "MS07-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-042" + }, + { + "name": "26447", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26447" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-048/" + }, + { + "name": "oval:org.mitre.oval:def:2069", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2069" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2364.json b/2007/2xxx/CVE-2007-2364.json index 5478af376cb..3a4d9c86760 100644 --- a/2007/2xxx/CVE-2007-2364.json +++ b/2007/2xxx/CVE-2007-2364.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3809", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3809" - }, - { - "name" : "23691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23691" - }, - { - "name" : "ADV-2007-1557", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1557" - }, - { - "name" : "35617", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35617" - }, - { - "name" : "burncms-multiple-script-file-include(33938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3809", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3809" + }, + { + "name": "35617", + "refsource": "OSVDB", + "url": "http://osvdb.org/35617" + }, + { + "name": "23691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23691" + }, + { + "name": "ADV-2007-1557", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1557" + }, + { + "name": "burncms-multiple-script-file-include(33938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33938" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2526.json b/2007/2xxx/CVE-2007-2526.json index 8cd7ac04dae..2cc7643465f 100644 --- a/2007/2xxx/CVE-2007-2526.json +++ b/2007/2xxx/CVE-2007-2526.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3873", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/3873" - }, - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-08-smartcode-vnc-manager-36.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-08-smartcode-vnc-manager-36.html" - }, - { - "name" : "http://www.shinnai.altervista.org/moaxb/20070508/scvncctrl.txt", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/moaxb/20070508/scvncctrl.txt" - }, - { - "name" : "23869", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23869" - }, - { - "name" : "34340", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34340" - }, - { - "name" : "ADV-2007-1704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1704" - }, - { - "name" : "25203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25203" - }, - { - "name" : "smartcode-vnc-scvncctrl-bo(34149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23869" + }, + { + "name": "34340", + "refsource": "OSVDB", + "url": "http://osvdb.org/34340" + }, + { + "name": "http://www.shinnai.altervista.org/moaxb/20070508/scvncctrl.txt", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/moaxb/20070508/scvncctrl.txt" + }, + { + "name": "smartcode-vnc-scvncctrl-bo(34149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34149" + }, + { + "name": "3873", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/3873" + }, + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-08-smartcode-vnc-manager-36.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-08-smartcode-vnc-manager-36.html" + }, + { + "name": "ADV-2007-1704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1704" + }, + { + "name": "25203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25203" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2594.json b/2007/2xxx/CVE-2007-2594.json index 0f8582a0824..313ff205ca7 100644 --- a/2007/2xxx/CVE-2007-2594.json +++ b/2007/2xxx/CVE-2007-2594.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3879", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3879" - }, - { - "name" : "23898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23898" - }, - { - "name" : "ADV-2007-1738", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1738" - }, - { - "name" : "35908", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35908" - }, - { - "name" : "25210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25210" - }, - { - "name" : "phpmyportal-articles-file-include(34186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35908", + "refsource": "OSVDB", + "url": "http://osvdb.org/35908" + }, + { + "name": "ADV-2007-1738", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1738" + }, + { + "name": "3879", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3879" + }, + { + "name": "25210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25210" + }, + { + "name": "phpmyportal-articles-file-include(34186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34186" + }, + { + "name": "23898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23898" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0221.json b/2010/0xxx/CVE-2010-0221.json index 25db9b10182..7ad38f6136f 100644 --- a/2010/0xxx/CVE-2010-0221.json +++ b/2010/0xxx/CVE-2010-0221.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.zdnet.com/hardware/?p=6655", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/hardware/?p=6655" - }, - { - "name" : "http://it.slashdot.org/story/10/01/05/1734242/", - "refsource" : "MISC", - "url" : "http://it.slashdot.org/story/10/01/05/1734242/" - }, - { - "name" : "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm", - "refsource" : "MISC", - "url" : "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm" - }, - { - "name" : "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", - "refsource" : "MISC", - "url" : "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html" - }, - { - "name" : "http://www.kingston.com/driveupdate/", - "refsource" : "MISC", - "url" : "http://www.kingston.com/driveupdate/" - }, - { - "name" : "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf", - "refsource" : "MISC", - "url" : "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf" - }, - { - "name" : "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9", - "refsource" : "MISC", - "url" : "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9" - }, - { - "name" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed", - "refsource" : "MISC", - "url" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed" - }, - { - "name" : "1023410", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023410" - }, - { - "name" : "ADV-2010-0080", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0080" - }, - { - "name" : "kingston-access-control-sec-bypass(55477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kingston.com/driveupdate/", + "refsource": "MISC", + "url": "http://www.kingston.com/driveupdate/" + }, + { + "name": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9", + "refsource": "MISC", + "url": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9" + }, + { + "name": "1023410", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023410" + }, + { + "name": "http://it.slashdot.org/story/10/01/05/1734242/", + "refsource": "MISC", + "url": "http://it.slashdot.org/story/10/01/05/1734242/" + }, + { + "name": "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm", + "refsource": "MISC", + "url": "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm" + }, + { + "name": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", + "refsource": "MISC", + "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html" + }, + { + "name": "http://blogs.zdnet.com/hardware/?p=6655", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/hardware/?p=6655" + }, + { + "name": "kingston-access-control-sec-bypass(55477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55477" + }, + { + "name": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf", + "refsource": "MISC", + "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf" + }, + { + "name": "ADV-2010-0080", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0080" + }, + { + "name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", + "refsource": "MISC", + "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0447.json b/2010/0xxx/CVE-2010-0447.json index 0385a9d016b..409e6ffeddd 100644 --- a/2010/0xxx/CVE-2010-0447.json +++ b/2010/0xxx/CVE-2010-0447.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-0447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100309 ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509984/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-026", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-026" - }, - { - "name" : "HPSBMA02489", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126815897824020&w=2" - }, - { - "name" : "SSRT090065", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126815897824020&w=2" - }, - { - "name" : "38611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38611" - }, - { - "name" : "62797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62797" - }, - { - "name" : "38899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38899" - }, - { - "name" : "ADV-2010-0555", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0555" - }, - { - "name" : "hp-performance-unspec-command-exec(56757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100309 ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509984/100/0/threaded" + }, + { + "name": "38899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38899" + }, + { + "name": "38611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38611" + }, + { + "name": "hp-performance-unspec-command-exec(56757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56757" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-026", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-026" + }, + { + "name": "62797", + "refsource": "OSVDB", + "url": "http://osvdb.org/62797" + }, + { + "name": "HPSBMA02489", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126815897824020&w=2" + }, + { + "name": "SSRT090065", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126815897824020&w=2" + }, + { + "name": "ADV-2010-0555", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0555" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0469.json b/2010/0xxx/CVE-2010-0469.json index e16234d2243..e483f65ccc0 100644 --- a/2010/0xxx/CVE-2010-0469.json +++ b/2010/0xxx/CVE-2010-0469.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, and possibly other versions and models, allows remote attackers to execute arbitrary SQL commands via unspecified parameters to the login page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100125 DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0499.html" - }, - { - "name" : "http://packetstormsecurity.org/1001-advisories/DDIVRT-2009-27.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-advisories/DDIVRT-2009-27.txt" - }, - { - "name" : "61976", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61976" - }, - { - "name" : "38310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38310" - }, - { - "name" : "f2l3000-login-sql-injection(55950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, and possibly other versions and models, allows remote attackers to execute arbitrary SQL commands via unspecified parameters to the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38310" + }, + { + "name": "f2l3000-login-sql-injection(55950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55950" + }, + { + "name": "20100125 DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0499.html" + }, + { + "name": "61976", + "refsource": "OSVDB", + "url": "http://osvdb.org/61976" + }, + { + "name": "http://packetstormsecurity.org/1001-advisories/DDIVRT-2009-27.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-advisories/DDIVRT-2009-27.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0619.json b/2010/0xxx/CVE-2010-0619.json index 4c0ec0752de..0e7f1b65106 100644 --- a/2010/0xxx/CVE-2010-0619.json +++ b/2010/0xxx/CVE-2010-0619.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100322 {PRL} Lexmark Multiple Laser Printer Remote Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510251/100/0/threaded" - }, - { - "name" : "http://support.lexmark.com/index?page=content&id=TE84&locale=EN&userlocale=EN_US", - "refsource" : "CONFIRM", - "url" : "http://support.lexmark.com/index?page=content&id=TE84&locale=EN&userlocale=EN_US" - }, - { - "name" : "38901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100322 {PRL} Lexmark Multiple Laser Printer Remote Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510251/100/0/threaded" + }, + { + "name": "http://support.lexmark.com/index?page=content&id=TE84&locale=EN&userlocale=EN_US", + "refsource": "CONFIRM", + "url": "http://support.lexmark.com/index?page=content&id=TE84&locale=EN&userlocale=EN_US" + }, + { + "name": "38901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38901" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1379.json b/2010/1xxx/CVE-2010-1379.json index 555efb7e28c..ecda159389e 100644 --- a/2010/1xxx/CVE-2010-1379.json +++ b/2010/1xxx/CVE-2010-1379.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "40871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40871" - }, - { - "name" : "1024103", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024103" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "40871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40871" + }, + { + "name": "1024103", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024103" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1754.json b/2010/1xxx/CVE-2010-1754.json index 924b9d101ac..54f8488bbc9 100644 --- a/2010/1xxx/CVE-2010-1754.json +++ b/2010/1xxx/CVE-2010-1754.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "41016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41016" - }, - { - "name" : "appleios-passcodelock-security-bypass(59633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "appleios-passcodelock-security-bypass(59633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59633" + }, + { + "name": "41016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41016" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1803.json b/2010/1xxx/CVE-2010-1803.json index 3ec8580e576..55f971e45ff 100644 --- a/2010/1xxx/CVE-2010-1803.json +++ b/2010/1xxx/CVE-2010-1803.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1937.json b/2010/1xxx/CVE-2010-1937.json index cb91f39b546..7103a3c21ac 100644 --- a/2010/1xxx/CVE-2010-1937.json +++ b/2010/1xxx/CVE-2010-1937.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100601 SFCB vulnerabilities", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=bugtraq&m=127549079109192&w=2" - }, - { - "name" : "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.84&r2=1.85", - "refsource" : "CONFIRM", - "url" : "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.84&r2=1.85" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3001896&group_id=128809&atid=712784", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3001896&group_id=128809&atid=712784" - }, - { - "name" : "40018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40018" - }, - { - "name" : "ADV-2010-1312", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.84&r2=1.85", + "refsource": "CONFIRM", + "url": "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.84&r2=1.85" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=3001896&group_id=128809&atid=712784", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3001896&group_id=128809&atid=712784" + }, + { + "name": "40018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40018" + }, + { + "name": "ADV-2010-1312", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1312" + }, + { + "name": "[oss-security] 20100601 SFCB vulnerabilities", + "refsource": "MLIST", + "url": "http://marc.info/?l=bugtraq&m=127549079109192&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4419.json b/2010/4xxx/CVE-2010-4419.json index 149109c5388..f64476397cb 100644 --- a/2010/4xxx/CVE-2010-4419.json +++ b/2010/4xxx/CVE-2010-4419.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #31 and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45879" - }, - { - "name" : "1024978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024978" - }, - { - "name" : "42981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42981" - }, - { - "name" : "ADV-2011-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0147" - }, - { - "name" : "peoplesoft-ordercapture-unauth-access(64792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #31 and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0147" + }, + { + "name": "45879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45879" + }, + { + "name": "peoplesoft-ordercapture-unauth-access(64792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64792" + }, + { + "name": "1024978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024978" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "42981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42981" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4601.json b/2010/4xxx/CVE-2010-4601.json index a7e77c825a3..abdc4fa0162 100644 --- a/2010/4xxx/CVE-2010-4601.json +++ b/2010/4xxx/CVE-2010-4601.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM01811", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811" - }, - { - "name" : "42624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM01811", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811" + }, + { + "name": "42624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42624" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4963.json b/2010/4xxx/CVE-2010-4963.json index de8002fb1e7..31f46915c10 100644 --- a/2010/4xxx/CVE-2010-4963.json +++ b/2010/4xxx/CVE-2010-4963.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100805 SQL injection vulnerability in BXR", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512887/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1008-exploits/bxr-sqlxssxsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1008-exploits/bxr-sqlxssxsrf.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_bxr.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_bxr.html" - }, - { - "name" : "http://dev.hulihanapplications.com/issues/show/203", - "refsource" : "CONFIRM", - "url" : "http://dev.hulihanapplications.com/issues/show/203" - }, - { - "name" : "40875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40875" - }, - { - "name" : "8470", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8470" - }, - { - "name" : "ADV-2010-2023", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_bxr.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_bxr.html" + }, + { + "name": "40875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40875" + }, + { + "name": "20100805 SQL injection vulnerability in BXR", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512887/100/0/threaded" + }, + { + "name": "http://dev.hulihanapplications.com/issues/show/203", + "refsource": "CONFIRM", + "url": "http://dev.hulihanapplications.com/issues/show/203" + }, + { + "name": "8470", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8470" + }, + { + "name": "http://packetstormsecurity.org/1008-exploits/bxr-sqlxssxsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1008-exploits/bxr-sqlxssxsrf.txt" + }, + { + "name": "ADV-2010-2023", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2023" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5328.json b/2010/5xxx/CVE-2010-5328.json index f528a10ca7a..3f33e04334c 100644 --- a/2010/5xxx/CVE-2010-5328.json +++ b/2010/5xxx/CVE-2010-5328.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/21/2" - }, - { - "name" : "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35", - "refsource" : "CONFIRM", - "url" : "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1358840", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1358840" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023" - }, - { - "name" : "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df" - }, - { - "name" : "97103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df" + }, + { + "name": "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df" + }, + { + "name": "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023" + }, + { + "name": "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35", + "refsource": "CONFIRM", + "url": "http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023" + }, + { + "name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/21/2" + }, + { + "name": "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd" + }, + { + "name": "97103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97103" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358840" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0587.json b/2014/0xxx/CVE-2014-0587.json index 48009a0bbf7..c443990db6f 100644 --- a/2014/0xxx/CVE-2014-0587.json +++ b/2014/0xxx/CVE-2014-0587.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1258.json b/2014/1xxx/CVE-2014-1258.json index b8f34c1f387..61405cce159 100644 --- a/2014/1xxx/CVE-2014-1258.json +++ b/2014/1xxx/CVE-2014-1258.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6150", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6150", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6150" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1635.json b/2014/1xxx/CVE-2014-1635.json index 04dc45eaec9..de8205d8277 100644 --- a/2014/1xxx/CVE-2014-1635.json +++ b/2014/1xxx/CVE-2014-1635.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35184", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35184" - }, - { - "name" : "https://labs.integrity.pt/advisories/cve-2014-1635/", - "refsource" : "MISC", - "url" : "https://labs.integrity.pt/advisories/cve-2014-1635/" - }, - { - "name" : "https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/", - "refsource" : "MISC", - "url" : "https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/" - }, - { - "name" : "http://www.belkin.com/us/support-article?articleNum=4831", - "refsource" : "CONFIRM", - "url" : "http://www.belkin.com/us/support-article?articleNum=4831" - }, - { - "name" : "70977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70977" - }, - { - "name" : "114345", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/114345" - }, - { - "name" : "1031210", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/", + "refsource": "MISC", + "url": "https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/" + }, + { + "name": "35184", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35184" + }, + { + "name": "http://www.belkin.com/us/support-article?articleNum=4831", + "refsource": "CONFIRM", + "url": "http://www.belkin.com/us/support-article?articleNum=4831" + }, + { + "name": "https://labs.integrity.pt/advisories/cve-2014-1635/", + "refsource": "MISC", + "url": "https://labs.integrity.pt/advisories/cve-2014-1635/" + }, + { + "name": "114345", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/114345" + }, + { + "name": "1031210", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031210" + }, + { + "name": "70977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70977" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1929.json b/2014/1xxx/CVE-2014-1929.json index 6f5f56d2c3f..18f6937c31e 100644 --- a/2014/1xxx/CVE-2014-1929.json +++ b/2014/1xxx/CVE-2014-1929.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to \"option injection through positional arguments.\" NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/245" - }, - { - "name" : "[oss-security] 20140212 Re: CVE request: python-gnupg before 0.3.5 shell injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/335" - }, - { - "name" : "DSA-2946", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2946" - }, - { - "name" : "59031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to \"option injection through positional arguments.\" NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2946", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2946" + }, + { + "name": "[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/245" + }, + { + "name": "[oss-security] 20140212 Re: CVE request: python-gnupg before 0.3.5 shell injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/335" + }, + { + "name": "59031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59031" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4341.json b/2014/4xxx/CVE-2014-4341.json index b8d4d2ff7b8..e4758b0c65e 100644 --- a/2014/4xxx/CVE-2014-4341.json +++ b/2014/4xxx/CVE-2014-4341.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949" - }, - { - "name" : "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0345.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0345.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc" - }, - { - "name" : "DSA-3000", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3000" - }, - { - "name" : "FEDORA-2014-8189", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html" - }, - { - "name" : "GLSA-201412-53", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-53.xml" - }, - { - "name" : "MDVSA-2014:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165" - }, - { - "name" : "RHSA-2015:0439", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0439.html" - }, - { - "name" : "68909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68909" - }, - { - "name" : "1030706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030706" - }, - { - "name" : "60448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60448" - }, - { - "name" : "59102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59102" - }, - { - "name" : "60082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60082" - }, - { - "name" : "mit-kerberos-cve20144341-dos(94904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73" + }, + { + "name": "mit-kerberos-cve20144341-dos(94904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc" + }, + { + "name": "RHSA-2015:0439", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html" + }, + { + "name": "60448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60448" + }, + { + "name": "FEDORA-2014-8189", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html" + }, + { + "name": "68909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68909" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949" + }, + { + "name": "DSA-3000", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3000" + }, + { + "name": "MDVSA-2014:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165" + }, + { + "name": "GLSA-201412-53", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml" + }, + { + "name": "1030706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030706" + }, + { + "name": "60082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60082" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0345.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0345.html" + }, + { + "name": "59102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59102" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4369.json b/2014/4xxx/CVE-2014-4369.json index 48eee25c01f..61ad15e7c15 100644 --- a/2014/4xxx/CVE-2014-4369.json +++ b/2014/4xxx/CVE-2014-4369.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69929" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144369-dos(96106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "69929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69929" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "appleios-cve20144369-dos(96106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96106" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4664.json b/2014/4xxx/CVE-2014-4664.json index 47ceaab1113..e4375c167b3 100644 --- a/2014/4xxx/CVE-2014-4664.json +++ b/2014/4xxx/CVE-2014-4664.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141105 WordPress Wordfence Firewall 5.1.2 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533907/100/0/threaded" - }, - { - "name" : "http://hacktivity.websecgeeks.com/word-press-firewall-plugin-xss/", - "refsource" : "MISC", - "url" : "http://hacktivity.websecgeeks.com/word-press-firewall-plugin-xss/" - }, - { - "name" : "http://www.wordfence.com/blog/2014/06/security-fix-wordfence-5-1-4/", - "refsource" : "CONFIRM", - "url" : "http://www.wordfence.com/blog/2014/06/security-fix-wordfence-5-1-4/" - }, - { - "name" : "https://wordpress.org/plugins/wordfence/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wordfence/changelog/" - }, - { - "name" : "70911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70911" - }, - { - "name" : "70915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70911" + }, + { + "name": "20141105 WordPress Wordfence Firewall 5.1.2 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533907/100/0/threaded" + }, + { + "name": "http://www.wordfence.com/blog/2014/06/security-fix-wordfence-5-1-4/", + "refsource": "CONFIRM", + "url": "http://www.wordfence.com/blog/2014/06/security-fix-wordfence-5-1-4/" + }, + { + "name": "http://hacktivity.websecgeeks.com/word-press-firewall-plugin-xss/", + "refsource": "MISC", + "url": "http://hacktivity.websecgeeks.com/word-press-firewall-plugin-xss/" + }, + { + "name": "70915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70915" + }, + { + "name": "https://wordpress.org/plugins/wordfence/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wordfence/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4861.json b/2014/4xxx/CVE-2014-4861.json index 604d9e93741..c63bf45365b 100644 --- a/2014/4xxx/CVE-2014-4861.json +++ b/2014/4xxx/CVE-2014-4861.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/", - "refsource" : "CONFIRM", - "url" : "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/", + "refsource": "CONFIRM", + "url": "http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4889.json b/2014/4xxx/CVE-2014-4889.json index 5d32ac99cac..ff437989b4f 100644 --- a/2014/4xxx/CVE-2014-4889.json +++ b/2014/4xxx/CVE-2014-4889.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#771257", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/771257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#771257", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/771257" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4891.json b/2014/4xxx/CVE-2014-4891.json index 9b02f630b92..eb4ffb581bd 100644 --- a/2014/4xxx/CVE-2014-4891.json +++ b/2014/4xxx/CVE-2014-4891.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CT iHub (aka com.concursive.ctihub) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#587953", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/587953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CT iHub (aka com.concursive.ctihub) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#587953", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/587953" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9533.json b/2014/9xxx/CVE-2014-9533.json index bc96cabf6c2..3a0ff8cb769 100644 --- a/2014/9xxx/CVE-2014-9533.json +++ b/2014/9xxx/CVE-2014-9533.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9533", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9533", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3416.json b/2016/3xxx/CVE-2016-3416.json index 3f61b1925e6..95c3bcce4be 100644 --- a/2016/3xxx/CVE-2016-3416.json +++ b/2016/3xxx/CVE-2016-3416.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "86461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86461" - }, - { - "name" : "1035615", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86461" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "1035615", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035615" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3455.json b/2016/3xxx/CVE-2016-3455.json index e7bc35cdb70..ce3ed51867e 100644 --- a/2016/3xxx/CVE-2016-3455.json +++ b/2016/3xxx/CVE-2016-3455.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "86437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86437" - }, - { - "name" : "1035618", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86437" + }, + { + "name": "1035618", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035618" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3531.json b/2016/3xxx/CVE-2016-3531.json index a7abebac18e..24954e526cc 100644 --- a/2016/3xxx/CVE-2016-3531.json +++ b/2016/3xxx/CVE-2016-3531.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "92018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92018" - }, - { - "name" : "1036402", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "92018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92018" + }, + { + "name": "1036402", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036402" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3665.json b/2016/3xxx/CVE-2016-3665.json index 33612d64f4a..cc363675908 100644 --- a/2016/3xxx/CVE-2016-3665.json +++ b/2016/3xxx/CVE-2016-3665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3981.json b/2016/3xxx/CVE-2016-3981.json index 273fe68b3a8..ce33d987002 100644 --- a/2016/3xxx/CVE-2016-3981.json +++ b/2016/3xxx/CVE-2016-3981.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.fi/media/afl/optipng/1/", - "refsource" : "MISC", - "url" : "http://bugs.fi/media/afl/optipng/1/" - }, - { - "name" : "https://sourceforge.net/p/optipng/bugs/56/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/optipng/bugs/56/" - }, - { - "name" : "DSA-3546", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3546" - }, - { - "name" : "GLSA-201608-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201608-01" - }, - { - "name" : "openSUSE-SU-2016:1078", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html" - }, - { - "name" : "openSUSE-SU-2016:1082", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html" - }, - { - "name" : "USN-2951-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2951-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.fi/media/afl/optipng/1/", + "refsource": "MISC", + "url": "http://bugs.fi/media/afl/optipng/1/" + }, + { + "name": "https://sourceforge.net/p/optipng/bugs/56/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/optipng/bugs/56/" + }, + { + "name": "openSUSE-SU-2016:1082", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html" + }, + { + "name": "DSA-3546", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3546" + }, + { + "name": "USN-2951-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2951-1" + }, + { + "name": "openSUSE-SU-2016:1078", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html" + }, + { + "name": "GLSA-201608-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201608-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6676.json b/2016/6xxx/CVE-2016-6676.json index 4b5234c09ec..5905e2bedf0 100644 --- a/2016/6xxx/CVE-2016-6676.json +++ b/2016/6xxx/CVE-2016-6676.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6ba9136879232442a182996427e5c88e5a7512a8", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6ba9136879232442a182996427e5c88e5a7512a8" - }, - { - "name" : "93328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6ba9136879232442a182996427e5c88e5a7512a8", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6ba9136879232442a182996427e5c88e5a7512a8" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93328" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7720.json b/2016/7xxx/CVE-2016-7720.json index 7ef290e0913..305a04c92d2 100644 --- a/2016/7xxx/CVE-2016-7720.json +++ b/2016/7xxx/CVE-2016-7720.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7720", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7720", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7742.json b/2016/7xxx/CVE-2016-7742.json index 10fd1beb352..d6c69a46ed0 100644 --- a/2016/7xxx/CVE-2016-7742.json +++ b/2016/7xxx/CVE-2016-7742.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"xar\" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"xar\" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7857.json b/2016/7xxx/CVE-2016-7857.json index b8094384330..d7928f699aa 100644 --- a/2016/7xxx/CVE-2016-7857.json +++ b/2016/7xxx/CVE-2016-7857.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-596", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-596" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" - }, - { - "name" : "GLSA-201611-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-18" - }, - { - "name" : "MS16-141", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141" - }, - { - "name" : "RHSA-2016:2676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2676.html" - }, - { - "name" : "94153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94153" - }, - { - "name" : "1037240", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-141", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" + }, + { + "name": "94153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94153" + }, + { + "name": "RHSA-2016:2676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-596", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-596" + }, + { + "name": "1037240", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037240" + }, + { + "name": "GLSA-201611-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-18" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8088.json b/2016/8xxx/CVE-2016-8088.json index 499e7aa74db..8bf0ea71a17 100644 --- a/2016/8xxx/CVE-2016-8088.json +++ b/2016/8xxx/CVE-2016-8088.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8088", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8088", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8535.json b/2016/8xxx/CVE-2016-8535.json index 302096900b4..2e83e8c9c44 100644 --- a/2016/8xxx/CVE-2016-8535.json +++ b/2016/8xxx/CVE-2016-8535.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-02-03T00:00:00", - "ID" : "CVE-2016-8535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Matrix Operating Environment", - "version" : { - "version_data" : [ - { - "version_value" : "v7.6" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Http Parameter Pollutio" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-02-03T00:00:00", + "ID": "CVE-2016-8535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Matrix Operating Environment", + "version": { + "version_data": [ + { + "version_value": "v7.6" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Http Parameter Pollutio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9494.json b/2016/9xxx/CVE-2016-9494.json index 221d8c7f086..e81f4e8d9a0 100644 --- a/2016/9xxx/CVE-2016-9494.json +++ b/2016/9xxx/CVE-2016-9494.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-9494", - "STATE" : "PUBLIC", - "TITLE" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HN7740S", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DW7000", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "HN7000S/SM", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "Hughes Satellite Modem" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9494", + "STATE": "PUBLIC", + "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HN7740S", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DW7000", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "HN7000S/SM", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "Hughes Satellite Modem" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#614751", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/614751" - }, - { - "name" : "96244", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/96244" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96244", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96244" + }, + { + "name": "VU#614751", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/614751" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9810.json b/2016/9xxx/CVE-2016-9810.json index f6f566d5ec4..c69f0b0acaa 100644 --- a/2016/9xxx/CVE-2016-9810.json +++ b/2016/9xxx/CVE-2016-9810.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161201 gstreamer multiple issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/01/2" - }, - { - "name" : "[oss-security] 20161204 Re: gstreamer multiple issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/8" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=774897", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=774897" - }, - { - "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", - "refsource" : "CONFIRM", - "url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "95163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95163" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=774897", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=774897" + }, + { + "name": "[oss-security] 20161204 Re: gstreamer multiple issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/8" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20161201 gstreamer multiple issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/01/2" + } + ] + } +} \ No newline at end of file