From 9140e67086d7e9eae5c0474681495c67344299f9 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 21:44:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0038.json | 290 +++++++--------
 2006/0xxx/CVE-2006-0286.json | 200 +++++-----
 2006/0xxx/CVE-2006-0427.json | 180 ++++-----
 2006/0xxx/CVE-2006-0633.json | 130 +++----
 2006/0xxx/CVE-2006-0640.json | 120 +++---
 2006/1xxx/CVE-2006-1038.json | 170 ++++-----
 2006/1xxx/CVE-2006-1133.json | 180 ++++-----
 2006/1xxx/CVE-2006-1209.json | 180 ++++-----
 2006/1xxx/CVE-2006-1335.json | 150 ++++----
 2006/1xxx/CVE-2006-1542.json | 150 ++++----
 2006/4xxx/CVE-2006-4074.json | 170 ++++-----
 2006/4xxx/CVE-2006-4269.json | 160 ++++----
 2006/4xxx/CVE-2006-4566.json | 690 +++++++++++++++++------------------
 2006/4xxx/CVE-2006-4732.json | 140 +++----
 2006/4xxx/CVE-2006-4935.json | 120 +++---
 2010/2xxx/CVE-2010-2372.json | 120 +++---
 2010/2xxx/CVE-2010-2587.json | 160 ++++----
 2010/2xxx/CVE-2010-2604.json | 180 ++++-----
 2010/3xxx/CVE-2010-3038.json | 160 ++++----
 2010/3xxx/CVE-2010-3375.json | 34 +-
 2010/3xxx/CVE-2010-3737.json | 140 +++----
 2010/3xxx/CVE-2010-3815.json | 34 +-
 2010/3xxx/CVE-2010-3884.json | 120 +++---
 2010/4xxx/CVE-2010-4109.json | 150 ++++----
 2010/4xxx/CVE-2010-4804.json | 170 ++++-----
 2010/4xxx/CVE-2010-4933.json | 150 ++++----
 2010/4xxx/CVE-2010-4960.json | 170 ++++-----
 2011/1xxx/CVE-2011-1385.json | 220 +++++------
 2011/1xxx/CVE-2011-1987.json | 140 +++----
 2011/5xxx/CVE-2011-5286.json | 120 +++---
 2014/3xxx/CVE-2014-3190.json | 160 ++++----
 2014/3xxx/CVE-2014-3261.json | 120 +++---
 2014/3xxx/CVE-2014-3440.json | 140 +++----
 2014/3xxx/CVE-2014-3686.json | 270 +++++++-------
 2014/3xxx/CVE-2014-3988.json | 120 +++---
 2014/7xxx/CVE-2014-7104.json | 140 +++----
 2014/7xxx/CVE-2014-7291.json | 140 +++----
 2014/8xxx/CVE-2014-8279.json | 34 +-
 2014/8xxx/CVE-2014-8543.json | 150 ++++----
 2014/9xxx/CVE-2014-9035.json | 180 ++++-----
 2014/9xxx/CVE-2014-9182.json | 120 +++---
 2014/9xxx/CVE-2014-9361.json | 130 +++----
 2014/9xxx/CVE-2014-9581.json | 120 +++---
 2016/2xxx/CVE-2016-2065.json | 140 +++----
 2016/2xxx/CVE-2016-2392.json | 200 +++++-----
 2016/2xxx/CVE-2016-2450.json | 130 +++----
 2016/2xxx/CVE-2016-2790.json | 370 +++++++++----------
 2016/6xxx/CVE-2016-6318.json | 150 ++++----
 2016/6xxx/CVE-2016-6390.json | 34 +-
 2016/6xxx/CVE-2016-6423.json | 140 +++----
 2016/6xxx/CVE-2016-6672.json | 130 +++----
 2016/6xxx/CVE-2016-6749.json | 136 +++----
 2016/7xxx/CVE-2016-7178.json | 170 ++++-----
 2016/7xxx/CVE-2016-7511.json | 130 +++----
 2017/5xxx/CVE-2017-5060.json | 170 ++++-----
 2017/5xxx/CVE-2017-5359.json | 170 ++++-----
 56 files changed, 4496 insertions(+), 4496 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0038.json b/2006/0xxx/CVE-2006-0038.json
index c83af1ac1bf..3f3d73d338f 100644
--- a/2006/0xxx/CVE-2006-0038.json
+++ b/2006/0xxx/CVE-2006-0038.json
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using \"virtualization solutions\" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" - }, - { - "name" : 
"DSA-1097", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1097" - }, - { - "name" : "DSA-1103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "RHSA-2006:0575", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "17178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17178" - }, - { - "name" : "oval:org.mitre.oval:def:10945", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10945" - }, - { - "name" : "ADV-2006-1046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1046" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "19330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19330" - }, - { - "name" : "20671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20671" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "21465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21465" - }, - { - "name" : "22417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22417" - }, - { - "name" : "linux-netfilter-doreplace-overflow(25400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the do_replace function in netfilter for 
Linux before 2.6.16-rc3, when using \"virtualization solutions\" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-netfilter-doreplace-overflow(25400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25400" + }, + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "ADV-2006-1046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1046" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "DSA-1097", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1097" + }, + { + "name": "RHSA-2006:0575", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html" + }, + { + "name": "oval:org.mitre.oval:def:10945", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10945" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": 
"21465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21465" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" + }, + { + "name": "22417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22417" + }, + { + "name": "19330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19330" + }, + { + "name": "17178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17178" + }, + { + "name": "20671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20671" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0286.json b/2006/0xxx/CVE-2006-0286.json index 51696b8cadd..aa5fb5e0d02 100644 --- a/2006/0xxx/CVE-2006-0286.json +++ b/2006/0xxx/CVE-2006-0286.json 
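Review bot: The one semantic change in the CVE-2006-0038 hunk, `"ASSIGNER"` going from `cve@mitre.org` to `secalert@redhat.com`, is hidden inside a whole-file rewrite: every key loses the space before its colon, `reference_data` is emitted in a different order with the same 18 entries, and the new file ends without a trailing newline. A consumer that diffs or hashes these records to detect advisory changes cannot separate a changed assigner from serialization noise, and the commit subject does not mention it. The exporter should write `reference_data` in a stable, documented order (for instance sorted by `refsource`, then `name`) and terminate the file with a newline, so that later syncs show only real field changes. The hunks for CVE-2006-0286, CVE-2006-0427, CVE-2006-0633, CVE-2006-0640, CVE-2006-1038 and CVE-2006-1133 show the same reformatting, with references reordered wherever there is more than one, and no content change.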
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - 
{ - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", 
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0427.json b/2006/0xxx/CVE-2006-0427.json index 4e4adf9dfd3..ba4d0bb4853 100644 --- a/2006/0xxx/CVE-2006-0427.json +++ b/2006/0xxx/CVE-2006-0427.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-114.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/171" - }, - { - "name" : "16358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16358" - }, - { - "name" : "ADV-2006-0313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0313" - }, - { - "name" : "22774", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22774" - }, - { - "name" : "1015528", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015528" - }, - { - "name" : "18592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18592" - }, - { - "name" : "weblogic-servlets-obtain-information(24291)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0313" + }, + { + "name": "BEA06-114.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/171" + }, + { + "name": "1015528", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015528" + }, + { + "name": "18592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18592" + }, + { + "name": "22774", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22774" + }, + { + "name": "weblogic-servlets-obtain-information(24291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24291" + }, + { + "name": "16358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16358" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0633.json b/2006/0xxx/CVE-2006-0633.json index 8744a736caf..2e614edd270 100644 --- a/2006/0xxx/CVE-2006-0633.json +++ b/2006/0xxx/CVE-2006-0633.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.r-security.net/tutorials/view/readtutorial.php?id=4", - "refsource" : "MISC", - "url" : "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" - }, - { - "name" : "http://forums.invisionpower.com/lofiversion/index.php/t200085.html", - "refsource" : "MISC", - "url" : "http://forums.invisionpower.com/lofiversion/index.php/t200085.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The make_password 
function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html", + "refsource": "MISC", + "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html" + }, + { + "name": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4", + "refsource": "MISC", + "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0640.json b/2006/0xxx/CVE-2006-0640.json index f8dba411a8c..be1053b9931 100644 --- a/2006/0xxx/CVE-2006-0640.json +++ b/2006/0xxx/CVE-2006-0640.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060202 Issues with security software: orbicule.com \"Undercover\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423955/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060202 Issues with security software: orbicule.com \"Undercover\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423955/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1038.json b/2006/1xxx/CVE-2006-1038.json index d3f5751bd24..ef359a3adf1 100644 --- a/2006/1xxx/CVE-2006-1038.json +++ b/2006/1xxx/CVE-2006-1038.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a \"narrow\" string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vandyke.com/products/securecrt/history.txt", - "refsource" : "CONFIRM", - "url" : "http://www.vandyke.com/products/securecrt/history.txt" - }, - { - "name" : "http://www.vandyke.com/products/securefx/history.txt", - "refsource" : "CONFIRM", - "url" : "http://www.vandyke.com/products/securefx/history.txt" - }, - { - "name" : "16935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16935" - }, - { - "name" : "ADV-2006-0806", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0806" - }, - { - "name" : "19040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19040" - }, - { - "name" : "securecrt-securefx-string-bo(25092)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a \"narrow\" string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "securecrt-securefx-string-bo(25092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25092" + }, + { + "name": "16935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16935" + }, + { + "name": "19040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19040" + }, + { + "name": "http://www.vandyke.com/products/securecrt/history.txt", + "refsource": "CONFIRM", + "url": "http://www.vandyke.com/products/securecrt/history.txt" + }, + { + "name": "http://www.vandyke.com/products/securefx/history.txt", + "refsource": "CONFIRM", + "url": "http://www.vandyke.com/products/securefx/history.txt" + }, + { + "name": "ADV-2006-0806", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0806" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1133.json b/2006/1xxx/CVE-2006-1133.json index c63e4ccbc6d..6c12f15cfc1 100644 --- a/2006/1xxx/CVE-2006-1133.json +++ b/2006/1xxx/CVE-2006-1133.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060306 SQL injection & XSS IN vbzoom v1.11", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426874/100/0/threaded" - }, - { - "name" : "16956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16956" - }, - { - "name" : "16969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16969" - }, - { - "name" : "23812", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23812" - }, - { - "name" : "23813", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23813" - }, - { - "name" : "552", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/552" - }, - { - 
"name" : "vbzoom-comment-contact-xss(25090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16956" + }, + { + "name": "20060306 SQL injection & XSS IN vbzoom v1.11", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426874/100/0/threaded" + }, + { + "name": "vbzoom-comment-contact-xss(25090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25090" + }, + { + "name": "23813", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23813" + }, + { + "name": "552", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/552" + }, + { + "name": "16969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16969" + }, + { + "name": "23812", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23812" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1209.json b/2006/1xxx/CVE-2006-1209.json index 5ea4a9bd7ec..50ca6189ab0 100644 --- a/2006/1xxx/CVE-2006-1209.json +++ b/2006/1xxx/CVE-2006-1209.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 PHP Advanced Transfer Manager Download users password hashes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427216/100/0/threaded" - }, - { - "name" : "20060613 Re: PHP Advanced Transfer Manager Download users password hashes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437513/100/200/threaded" - }, - { - "name" : "http://biyosecurity.be/bugs/patm.txt", - "refsource" : "MISC", - "url" : "http://biyosecurity.be/bugs/patm.txt" - }, - { - "name" : "http://www.blogcu.com/Liz0ziM/316652/", - "refsource" : "MISC", - "url" : "http://www.blogcu.com/Liz0ziM/316652/" - }, - { - "name" : 
"17134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17134" - }, - { - "name" : "565", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/565" - }, - { - "name" : "phpatm-password-hash-disclosure(25127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blogcu.com/Liz0ziM/316652/", + "refsource": "MISC", + "url": "http://www.blogcu.com/Liz0ziM/316652/" + }, + { + "name": "20060309 PHP Advanced Transfer Manager Download users password hashes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427216/100/0/threaded" + }, + { + "name": "http://biyosecurity.be/bugs/patm.txt", + "refsource": "MISC", + "url": "http://biyosecurity.be/bugs/patm.txt" + }, + { + "name": "20060613 Re: PHP Advanced Transfer Manager Download users password hashes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437513/100/200/threaded" + }, + { + "name": "565", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/565" + }, + { + "name": "17134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17134" + }, + { + "name": "phpatm-password-hash-disclosure(25127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25127" + } + ] + } +} \ No 
newline at end of file diff --git a/2006/1xxx/CVE-2006-1335.json b/2006/1xxx/CVE-2006-1335.json index 0982a53e4e9..5605ecdfe81 100644 --- a/2006/1xxx/CVE-2006-1335.json +++ b/2006/1xxx/CVE-2006-1335.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=326663", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=326663" - }, - { - "name" : "24015", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24015" - }, - { - "name" : "19280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19280" - }, - { - "name" : "gnomescreensaver-security-bypass(25340)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gnomescreensaver-security-bypass(25340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25340" + }, + { + "name": "19280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19280" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=326663", + "refsource": "CONFIRM", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=326663" + }, + { + "name": "24015", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24015" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1542.json b/2006/1xxx/CVE-2006-1542.json index 44cd7db6124..25f1343ae34 100644 --- a/2006/1xxx/CVE-2006-1542.json +++ b/2006/1xxx/CVE-2006-1542.json 
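Review bot: The only substantive change in this hunk is `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org` near the top, and it is hidden inside a full-file rewrite that also respaces every key (`" : "` to `": "`) and reorders the four `reference_data` entries without adding or removing any. The CVE-2006-4566 hunk further down carries the same ASSIGNER change under the same kind of rewrite. Anyone auditing record provenance from this commit should compare the parsed JSON rather than the text. The sync would be easier to review if the references kept their previous order, so that a metadata change like this shows up as a one-line diff. The new side also ends with `\ No newline at end of file`, where the old side had a trailing newline.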
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a \"stack overflow,\" and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1591", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1591" - }, - { - "name" : "http://www.gotfault.net/research/exploit/gexp-python.py", - "refsource" : "MISC", - "url" : "http://www.gotfault.net/research/exploit/gexp-python.py" - }, - { - "name" : "RHSA-2008:0629", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0629.html" - }, - { - "name" : "31492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a \"stack overflow,\" and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31492" + }, + { + "name": "RHSA-2008:0629", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" + }, + { + "name": "1591", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1591" + }, + { + "name": "http://www.gotfault.net/research/exploit/gexp-python.py", + "refsource": "MISC", + "url": "http://www.gotfault.net/research/exploit/gexp-python.py" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4074.json b/2006/4xxx/CVE-2006-4074.json index 15b13bbc356..731649cf27d 100644 --- a/2006/4xxx/CVE-2006-4074.json +++ b/2006/4xxx/CVE-2006-4074.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2125", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2125" - }, - { - "name" : "http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/", - "refsource" : "CONFIRM", - "url" : "http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/" - }, - { - "name" : "19373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19373" - }, - { - "name" : "ADV-2006-3192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3192" - }, - { - "name" : "21389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21389" - }, - { - "name" 
: "jdwiki-main-file-include(28253)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21389" + }, + { + "name": "ADV-2006-3192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3192" + }, + { + "name": "19373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19373" + }, + { + "name": "2125", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2125" + }, + { + "name": "http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/", + "refsource": "CONFIRM", + "url": "http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/" + }, + { + "name": "jdwiki-main-file-include(28253)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28253" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4269.json b/2006/4xxx/CVE-2006-4269.json index e9e6b24f284..00ce08205c1 100644 --- a/2006/4xxx/CVE-2006-4269.json +++ b/2006/4xxx/CVE-2006-4269.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060818 Joomla x-shop <= 1.7 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443625/100/0/threaded" - }, - { - "name" : "20060818 Re: Joomla x-shop <= 1.7 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0427.html" - }, - { - "name" : "19588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19588" - }, - { - "name" : "28095", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28095" - }, - { - "name" : "xshop-admin-file-include(28451)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28095", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28095" + }, + { + "name": "xshop-admin-file-include(28451)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28451" + }, + { + "name": "19588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19588" + }, + { + "name": "20060818 Re: Joomla x-shop <= 1.7 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0427.html" + }, + { + "name": "20060818 Joomla x-shop <= 1.7 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443625/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4566.json b/2006/4xxx/CVE-2006-4566.json index ee2d22e92ef..643049c7efd 100644 --- a/2006/4xxx/CVE-2006-4566.json +++ b/2006/4xxx/CVE-2006-4566.json 
@@ -1,347 +1,347 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set (\"[\\\\\"), which leads to a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 rPSA-2006-0169-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446140/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-640", - "refsource" : "CONFIRM", - "url" 
: "https://issues.rpath.com/browse/RPL-640" - }, - { - "name" : "DSA-1191", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1191" - }, - { - "name" : "DSA-1192", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1192" - }, - { - "name" : "DSA-1210", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1210" - }, - { - "name" : "GLSA-200609-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-19.xml" - }, - { - "name" : "GLSA-200610-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-01.xml" - }, - { - "name" : "GLSA-200610-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-04.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "MDKSA-2006:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" - }, - { - "name" : "MDKSA-2006:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" - }, - { - "name" : "RHSA-2006:0676", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0676.html" - }, - { - "name" : "RHSA-2006:0677", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0677.html" - }, - { - "name" : "RHSA-2006:0675", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0675.html" - }, - { - "name" : "20060901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:054", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-351-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-351-1" - }, - { - "name" : "USN-352-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-352-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "VU#141528", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/141528" - }, - { - "name" : "20042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20042" - }, - { - "name" : "oval:org.mitre.oval:def:9637", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9637" - }, - { - "name" : "ADV-2006-3617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3617" - }, - { - "name" : "ADV-2007-1198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1198" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016846", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016846" - }, - { - "name" : "1016847", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016847" - }, - { - "name" : "1016848", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016848" - }, - { - "name" : "21906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21906" - }, - { - "name" : "21949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21949" - }, - { - "name" : "21915", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21915" - }, - { - "name" : "21916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21916" - }, - { - "name" : "21939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21939" - }, - { - "name" : "21940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21940" - }, - { - "name" : "21950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21950" - }, - { - "name" : "22036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22036" - }, - { - "name" : "22001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22001" - }, - { - "name" : "22025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22025" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22074" - }, - { - "name" : "22088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22088" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22247" - }, - { - "name" : "22274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22274" - }, - { - "name" : "22299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22299" - }, - { - "name" : "22391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22391" - }, - { - "name" : "22422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22422" - }, - { - "name" : "22849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22849" - }, - { - "name" : "22056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22056" - }, - { - "name" : "22195", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22195" - }, - { - "name" : "24711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24711" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-backslash-dos(28958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set (\"[\\\\\"), which leads to a buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016847", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016847" + }, + { + "name": "22391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22391" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "RHSA-2006:0676", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" + }, + { + "name": "VU#141528", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/141528" + }, + { + "name": "oval:org.mitre.oval:def:9637", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9637" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "22195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22195" + }, + { + 
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html" + }, + { + "name": "USN-352-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-352-1" + }, + { + "name": "21950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21950" + }, + { + "name": "USN-351-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-351-1" + }, + { + "name": "22025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22025" + }, + { + "name": "22056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22056" + }, + { + "name": "22247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22247" + }, + { + "name": "MDKSA-2006:168", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" + }, + { + "name": "DSA-1191", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1191" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "DSA-1210", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1210" + }, + { + "name": "24711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24711" + }, + { + "name": "GLSA-200610-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" + }, + { + "name": "22849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22849" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "20060901-01-P", + "refsource": "SGI", + "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" + }, + { + "name": "21939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21939" + }, + { + "name": "1016848", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016848" + }, + { + "name": "ADV-2006-3617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3617" + }, + { + "name": "21915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21915" + }, + { + "name": "ADV-2007-1198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1198" + }, + { + "name": "RHSA-2006:0677", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" + }, + { + "name": "DSA-1192", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1192" + }, + { + "name": "GLSA-200609-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22274" + }, + { + "name": "RHSA-2006:0675", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" + }, + { + "name": "21940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21940" + }, + { + "name": "20042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20042" + }, + { + "name": "22001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22001" + }, + { + "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "21906", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/21906" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "GLSA-200610-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" + }, + { + "name": "22074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22074" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "22088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22088" + }, + { + "name": "21949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21949" + }, + { + "name": "SUSE-SA:2006:054", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-640", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-640" + }, + { + "name": "22036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22036" + }, + { + "name": "1016846", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016846" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "22422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22422" + }, + { + "name": "mozilla-backslash-dos(28958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28958" + }, + { + "name": "22299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22299" + }, + { + "name": "MDKSA-2006:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" + }, + { + "name": "21916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21916" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/4xxx/CVE-2006-4732.json b/2006/4xxx/CVE-2006-4732.json index 1b6f1b6fd8b..bb44be7cd25 100644 --- a/2006/4xxx/CVE-2006-4732.json +++ b/2006/4xxx/CVE-2006-4732.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact (\"overflow\") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060909 Microsoft visual basic 6. 
overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445784/100/0/threaded" - }, - { - "name" : "http://silversmith.persiangig.com/PoC.rar", - "refsource" : "MISC", - "url" : "http://silversmith.persiangig.com/PoC.rar" - }, - { - "name" : "1547", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact (\"overflow\") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060909 Microsoft visual basic 6. overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445784/100/0/threaded" + }, + { + "name": "1547", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1547" + }, + { + "name": "http://silversmith.persiangig.com/PoC.rar", + "refsource": "MISC", + "url": "http://silversmith.persiangig.com/PoC.rar" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4935.json b/2006/4xxx/CVE-2006-4935.json index 54f78e67529..310e9eae03f 100644 --- a/2006/4xxx/CVE-2006-4935.json +++ b/2006/4xxx/CVE-2006-4935.json 
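Review bot: The new side of CVE-2006-4732.json ends with `\ No newline at end of file`, while the old side ended with a newline after the closing `}`. The same marker appears on the other file sections whose end is visible in this patch. The serializer should write a final newline after the closing `}` so that line-based tools and later diffs do not flag the last line of every record. Separately, in `reference_data` the `1547` (SREASON) and `http://silversmith.persiangig.com/PoC.rar` (MISC) entries only swap places with no change in content. A stable order, for example sorted by `refsource` then `name`, would keep sync commits limited to real data changes and make them easier to audit.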
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2372.json b/2010/2xxx/CVE-2010-2372.json index 467af2950b2..c226ac96dce 100644 --- a/2010/2xxx/CVE-2010-2372.json +++ b/2010/2xxx/CVE-2010-2372.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2587.json b/2010/2xxx/CVE-2010-2587.json index bf9ebddbdfc..9579224fe15 100644 --- a/2010/2xxx/CVE-2010-2587.json +++ b/2010/2xxx/CVE-2010-2587.json 
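Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com` here, a provenance change that is easy to miss among the whitespace-only reformatting. Nothing in the commit subject ("-Synchronized-Data.") mentions it. The same kind of change appears in CVE-2010-2587 (`PSIRT-CNA@flexerasoftware.com`), CVE-2010-3038 (`psirt@cisco.com`) and CVE-2010-4109 (`hp-security-alert@hp.com`). Downstream tooling that attributes, filters or trusts records by `ASSIGNER` will see these records move, so the reassignment should go in its own commit or at least be named in the commit message. For CVE-2010-2587 the description concerns Adobe Shockwave Player while the new assigner is a Flexera address, presumably the CNA that reserved the ID; that is worth confirming against the CNA's records.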
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-2587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html" - }, - { - "name" : "46316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46316" - }, - { - "name" : "1025056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025056" - }, - { - "name" : "ADV-2011-0335", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0335" - }, - { - "name" : "shockwave-director-ce(65243)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65243" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shockwave-director-ce(65243)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65243" + }, + { + "name": "ADV-2011-0335", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0335" + }, + { + "name": "46316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46316" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html" + }, + { + "name": "1025056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025056" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2604.json b/2010/2xxx/CVE-2010-2604.json index ba22c0ca623..63f4b34895a 100644 --- a/2010/2xxx/CVE-2010-2604.json +++ b/2010/2xxx/CVE-2010-2604.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackberry.com/btsc/KB25382", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/KB25382" - }, - { - "name" : "45753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45753" - }, - { - "name" : "70393", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70393" - }, - { - "name" : "1024953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024953" - }, - { - "name" : "42882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42882" - }, - { - "name" : "ADV-2011-0081", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0081" - }, - { - "name" : "blackberry-pdf-distiller-bo(64621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0081", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0081" + }, + { + "name": "http://www.blackberry.com/btsc/KB25382", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/KB25382" + }, + { + "name": "blackberry-pdf-distiller-bo(64621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64621" + }, + { + "name": "42882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42882" + }, + { + "name": "1024953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024953" + }, + { + "name": "45753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45753" + }, + { + "name": "70393", + "refsource": "OSVDB", + "url": "http://osvdb.org/70393" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3038.json b/2010/3xxx/CVE-2010-3038.json index 897e02f84ab..c14fb9ed574 100644 --- a/2010/3xxx/CVE-2010-3038.json +++ b/2010/3xxx/CVE-2010-3038.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Nov/167" - }, - { - "name" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", - "refsource" : "MISC", - "url" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt" - }, - { - "name" : "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html" - }, - { - "name" : "44924", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/44924" - }, - { - "name" : "1024753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", + "refsource": "MISC", + "url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt" + }, + { + "name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html" + }, + { + "name": "1024753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024753" + }, + { + "name": "44924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44924" + }, + { + "name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Nov/167" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3375.json b/2010/3xxx/CVE-2010-3375.json index ac6ba28eba4..0781630c6db 100644 --- a/2010/3xxx/CVE-2010-3375.json +++ b/2010/3xxx/CVE-2010-3375.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3375", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3375", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3737.json b/2010/3xxx/CVE-2010-3737.json index d449be8ba51..09571850526 100644 --- a/2010/3xxx/CVE-2010-3737.json +++ b/2010/3xxx/CVE-2010-3737.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "LI75022", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022" - }, - { - "name" : "oval:org.mitre.oval:def:14567", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "oval:org.mitre.oval:def:14567", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567" + }, + { + "name": "LI75022", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3815.json b/2010/3xxx/CVE-2010-3815.json index 1d8ac72434a..7f7f2cad765 100644 --- a/2010/3xxx/CVE-2010-3815.json +++ b/2010/3xxx/CVE-2010-3815.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3884.json b/2010/3xxx/CVE-2010-3884.json index 1b5b6dd08b2..602b79a47f2 100644 --- a/2010/3xxx/CVE-2010-3884.json +++ b/2010/3xxx/CVE-2010-3884.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40031" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4109.json b/2010/4xxx/CVE-2010-4109.json index afa51130ad6..2a226bf3ace 100644 --- a/2010/4xxx/CVE-2010-4109.json +++ b/2010/4xxx/CVE-2010-4109.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMI02614", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302" - }, - { - "name" : "SSRT100344", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302" - }, - { - "name" : "1024827", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024827" - }, - { - "name" : "ADV-2010-3131", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMI02614", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302" + }, + { + "name": "ADV-2010-3131", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3131" + }, + { + "name": "SSRT100344", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02639302" + }, + { + "name": "1024827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024827" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4804.json b/2010/4xxx/CVE-2010-4804.json index 60ad3f72979..5ceb895e1c7 100644 --- a/2010/4xxx/CVE-2010-4804.json +++ b/2010/4xxx/CVE-2010-4804.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/", - "refsource" : "MISC", - "url" : "http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/" - }, - { - "name" : "http://www.csc.ncsu.edu/faculty/jiang/nexuss.html", - "refsource" : "MISC", - "url" : "http://www.csc.ncsu.edu/faculty/jiang/nexuss.html" - }, - { - "name" : "http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in-gingerbread-video-24116054/", - "refsource" : "MISC", - "url" : "http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in-gingerbread-video-24116054/" - }, - { - "name" : 
"http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=f440831d76817e837164ca18c7705e81d2391f87", - "refsource" : "CONFIRM", - "url" : "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=f440831d76817e837164ca18c7705e81d2391f87" - }, - { - "name" : "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a=commit;h=604a598e1e01bda781600a45e0a971898a582666", - "refsource" : "CONFIRM", - "url" : "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a=commit;h=604a598e1e01bda781600a45e0a971898a582666" - }, - { - "name" : "48256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48256" + }, + { + "name": "http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in-gingerbread-video-24116054/", + "refsource": "MISC", + "url": "http://www.slashgear.com/android-data-theft-exploit-to-be-plugged-in-gingerbread-video-24116054/" + }, + { + "name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a=commit;h=604a598e1e01bda781600a45e0a971898a582666", + "refsource": "CONFIRM", + "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a=commit;h=604a598e1e01bda781600a45e0a971898a582666" + }, + { + "name": "http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/", + "refsource": "MISC", + "url": "http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/" + }, + { + "name": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=f440831d76817e837164ca18c7705e81d2391f87", + "refsource": "CONFIRM", + "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=f440831d76817e837164ca18c7705e81d2391f87" + }, + { + "name": "http://www.csc.ncsu.edu/faculty/jiang/nexuss.html", + "refsource": "MISC", + "url": "http://www.csc.ncsu.edu/faculty/jiang/nexuss.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4933.json b/2010/4xxx/CVE-2010-4933.json index d3b90d0cc62..2f01552f212 100644 --- a/2010/4xxx/CVE-2010-4933.json +++ b/2010/4xxx/CVE-2010-4933.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15091", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15091" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt" - }, - { - "name" : "43458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43458" - }, - { - "name" : "8457", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute 
arbitrary SQL commands via the lid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43458" + }, + { + "name": "15091", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15091" + }, + { + "name": "8457", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8457" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4960.json b/2010/4xxx/CVE-2010-4960.json index 0d26632c896..4339900ffa9 100644 --- a/2010/4xxx/CVE-2010-4960.json +++ b/2010/4xxx/CVE-2010-4960.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/" - }, - { - "name" : "42365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42365" - }, - { - "name" : "67032", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67032" - }, - { - "name" : "40951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40951" - }, - { - "name" : 
"branchenbuch-unspecified-xss(61054)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/" + }, + { + "name": "branchenbuch-unspecified-xss(61054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61054" + }, + { + "name": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/" + }, + { + "name": "40951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40951" + }, + { + "name": "42365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42365" + }, + { + "name": "67032", + "refsource": "OSVDB", + "url": "http://osvdb.org/67032" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1385.json b/2011/1xxx/CVE-2011-1385.json index 58fa88df777..33819e60eef 100644 --- a/2011/1xxx/CVE-2011-1385.json +++ b/2011/1xxx/CVE-2011-1385.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc" - }, - { - "name" : "IV03369", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV03369" - }, - { - "name" : "IV04695", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV04695" - }, - { - "name" : "IV07188", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV07188" - }, - { - "name" : "IV08255", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV08255" - }, - { - 
"name" : "IV13554", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV13554" - }, - { - "name" : "IV13672", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV13672" - }, - { - "name" : "52172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52172" - }, - { - "name" : "79631", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79631" - }, - { - "name" : "1026742", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026742" - }, - { - "name" : "48149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV13554", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13554" + }, + { + "name": "79631", + "refsource": "OSVDB", + "url": "http://osvdb.org/79631" + }, + { + "name": "IV08255", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV08255" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc" + }, + { + "name": "IV07188", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV07188" + }, + { + "name": "IV04695", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV04695" + }, + { + "name": "52172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52172" + }, + { + "name": "IV13672", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13672" + }, + { + "name": "48149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48149" + }, + { + "name": "IV03369", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV03369" + }, + { + "name": "1026742", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026742" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1987.json b/2011/1xxx/CVE-2011-1987.json index 1231277a286..2c973101b92 100644 --- a/2011/1xxx/CVE-2011-1987.json +++ b/2011/1xxx/CVE-2011-1987.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072" - }, - { - "name" : "TA11-256A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12953", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Out of Bounds Array Indexing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12953", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953" + }, + { + "name": "MS11-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072" + }, + { + "name": "TA11-256A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5286.json b/2011/5xxx/CVE-2011-5286.json index 0939c1a297c..55ee809cefd 100644 --- a/2011/5xxx/CVE-2011-5286.json +++ b/2011/5xxx/CVE-2011-5286.json 
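Review bot: The only value that changes in this hunk is `ASSIGNER` (`cve@mitre.org` to `secure@microsoft.com`), yet nearly every line is rewritten because the spacing around `:` changes and the three `reference_data` entries are emitted in a different order. That makes it hard to confirm from the diff that no reference was dropped or altered; emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) would keep future syncs down to the lines that really change. The new side also ends with `\ No newline at end of file`, so the trailing newline should be restored. Both points apply to every file section visible here.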
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23033", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23033", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23033" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3190.json b/2014/3xxx/CVE-2014-3190.json index dd2e3f66914..4f58a7d0f71 100644 --- a/2014/3xxx/CVE-2014-3190.json +++ b/2014/3xxx/CVE-2014-3190.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" - }, - { - "name" : "https://crbug.com/400476", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/400476" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=181234&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=181234&view=revision" - }, - { - "name" : "RHSA-2014:1626", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-1626.html" - }, - { - "name" : "70273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1626", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=181234&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=181234&view=revision" + }, + { + "name": "https://crbug.com/400476", + "refsource": "CONFIRM", + "url": "https://crbug.com/400476" + }, + { + "name": "70273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70273" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3261.json b/2014/3xxx/CVE-2014-3261.json index 0a8bc7067d6..4e231b863cd 100644 --- a/2014/3xxx/CVE-2014-3261.json +++ b/2014/3xxx/CVE-2014-3261.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/3xxx/CVE-2014-3440.json b/2014/3xxx/CVE-2014-3440.json index 31b932c9636..9b3f0343e45 100644 --- a/2014/3xxx/CVE-2014-3440.json +++ b/2014/3xxx/CVE-2014-3440.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-3440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/39" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00" - }, - { - "name" : "72091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72091" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00" + }, + { + "name": "20150509 CVE-2014-3440 - Symantec Critical System Protection RCE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/39" + }, + { + "name": "72091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72091" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3686.json b/2014/3xxx/CVE-2014-3686.json index 5704ebdfffa..ef9a2072441 100644 --- a/2014/3xxx/CVE-2014-3686.json +++ b/2014/3xxx/CVE-2014-3686.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141009 wpa_cli and hostapd_cli action script execution vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/09/28" - }, - { - "name" : "http://w1.fi/security/2014-1/", - "refsource" : "CONFIRM", - "url" : "http://w1.fi/security/2014-1/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151259", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151259" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0429.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0429.html" - }, - { - "name" : "DSA-3052", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2014/dsa-3052" - }, - { - "name" : "GLSA-201606-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-17" - }, - { - "name" : "MDVSA-2015:120", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:120" - }, - { - "name" : "RHSA-2014:1956", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1956.html" - }, - { - "name" : "openSUSE-SU-2014:1313", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html" - }, - { - "name" : "openSUSE-SU-2014:1314", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html" - }, - { - "name" : "SUSE-SU-2014:1356", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00000.html" - }, - { - "name" : "USN-2383-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2383-1" - }, - { - "name" : "70396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70396" - }, - { - "name" : "60366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60366" - }, - { - "name" : "60428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60428" - }, - { - "name" : "61271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60366" + }, + { + "name": "DSA-3052", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3052" + }, + { + "name": "openSUSE-SU-2014:1314", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html" + }, + { + "name": "60428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60428" + }, + { + "name": "http://w1.fi/security/2014-1/", + "refsource": "CONFIRM", + "url": "http://w1.fi/security/2014-1/" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0429.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0429.html" + }, + { + "name": "MDVSA-2015:120", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:120" + }, + { + "name": "[oss-security] 20141009 wpa_cli and hostapd_cli action script execution vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/09/28" + }, + { + "name": "RHSA-2014:1956", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1956.html" + }, + { + "name": "61271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61271" + }, + { + "name": "openSUSE-SU-2014:1313", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html" + }, + { + "name": "GLSA-201606-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-17" + }, + { + "name": "SUSE-SU-2014:1356", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151259", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1151259" + }, + { + "name": "USN-2383-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2383-1" + }, + { + "name": "70396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70396" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3988.json b/2014/3xxx/CVE-2014-3988.json index bf58bee9234..9c37835398a 100644 --- a/2014/3xxx/CVE-2014-3988.json +++ b/2014/3xxx/CVE-2014-3988.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sunhater/kcfinder/issues/40", - "refsource" : "CONFIRM", - "url" : "https://github.com/sunhater/kcfinder/issues/40" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sunhater/kcfinder/issues/40", + "refsource": "CONFIRM", + "url": "https://github.com/sunhater/kcfinder/issues/40" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7104.json b/2014/7xxx/CVE-2014-7104.json index a6df5929ccd..e13d17f7653 100644 --- a/2014/7xxx/CVE-2014-7104.json +++ b/2014/7xxx/CVE-2014-7104.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#722769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/722769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) 
application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#722769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/722769" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7291.json b/2014/7xxx/CVE-2014-7291.json index 48120faf619..38897e8147c 100644 --- a/2014/7xxx/CVE-2014-7291.json +++ b/2014/7xxx/CVE-2014-7291.json 
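Review bot: The `reference_data` array comes out in a different order on the new side (here the two `CERT-VN` entries swap and the `MISC` link moves from first to last) with no ordering key I can see, while the entries themselves are unchanged. The hunks for CVE-2014-3440, CVE-2014-3686, CVE-2014-7291, CVE-2014-8543, CVE-2014-9035 and CVE-2016-2065 reshuffle their references in the same way. An unstable order makes each sync rewrite the whole array, which hides a genuinely added, removed or altered URL among the moves. Emitting the array sorted on a fixed key, for example `refsource` then `name`, would keep later diffs down to real changes.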
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141127 CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/90" - }, - { - "name" : "http://tetraph.com/security/cves/cve-2014-7291-springshare-libcal-xss-cross-site-scripting-vulnerability/", - "refsource" : "MISC", - "url" : "http://tetraph.com/security/cves/cve-2014-7291-springshare-libcal-xss-cross-site-scripting-vulnerability/" - }, - { - "name" : "springshare-libcal-cve20147291-xss(99000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141127 CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/90" + }, + { + "name": "springshare-libcal-cve20147291-xss(99000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99000" + }, + { + "name": "http://tetraph.com/security/cves/cve-2014-7291-springshare-libcal-xss-cross-site-scripting-vulnerability/", + "refsource": "MISC", + "url": "http://tetraph.com/security/cves/cve-2014-7291-springshare-libcal-xss-cross-site-scripting-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8279.json b/2014/8xxx/CVE-2014-8279.json index db8982e91b8..0c651c47a3c 100644 --- a/2014/8xxx/CVE-2014-8279.json +++ b/2014/8xxx/CVE-2014-8279.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8279", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8279", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8543.json b/2014/8xxx/CVE-2014-8543.json index f7d76c49fbf..e3ada15ad79 100644 --- a/2014/8xxx/CVE-2014-8543.json +++ b/2014/8xxx/CVE-2014-8543.json 
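Review bot: This REJECT record is serialized differently from the others in the commit: the new side puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and writes `ID` before `ASSIGNER`, whereas the PUBLIC records keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but judging from the output alone it looks as if two code paths write these files, and byte-level comparison or hashing of records will not be stable across them. The new side also ends with `\ No newline at end of file`, as do the other hunks. Writing every record through one serializer with sorted keys and a final newline would address both.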
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - }, - { - "name" : "USN-2534-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2534-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2534-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2534-1" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9035.json b/2014/9xxx/CVE-2014-9035.json index d5ffd2c9f62..53756fff597 100644 --- a/2014/9xxx/CVE-2014-9035.json +++ b/2014/9xxx/CVE-2014-9035.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/25/12" - }, - { - "name" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0493.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0493.html" - }, - { - "name" : "DSA-3085", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3085" - }, - { - "name" : "MDVSA-2014:233", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" - }, - { - "name" : "71236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71236" - }, - { - "name" : "1031243", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3085", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3085" + }, + { + "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/25/12" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0493.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0493.html" + }, + { + "name": "1031243", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031243" + }, + { + "name": "71236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71236" + }, + { + "name": "MDVSA-2014:233", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" + }, + { + "name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9182.json b/2014/9xxx/CVE-2014-9182.json index 3a1960a0e62..b4ea42538d9 100644 
--- a/2014/9xxx/CVE-2014-9182.json +++ b/2014/9xxx/CVE-2014-9182.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129042/Anchor-CMS-0.9.2-Header-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129042/Anchor-CMS-0.9.2-Header-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129042/Anchor-CMS-0.9.2-Header-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129042/Anchor-CMS-0.9.2-Header-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9361.json b/2014/9xxx/CVE-2014-9361.json index 6e4f4a6fade..6a08dd77dbf 100644 --- a/2014/9xxx/CVE-2014-9361.json +++ b/2014/9xxx/CVE-2014-9361.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2300369", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2300369" - }, - { - "name" : "https://www.drupal.org/node/2299467", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2299467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly 
obtain sensitive information by accessing a Page Not Found (404) page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2300369", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2300369" + }, + { + "name": "https://www.drupal.org/node/2299467", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2299467" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9581.json b/2014/9xxx/CVE-2014-9581.json index af41a17b90f..cb53a985407 100644 --- a/2014/9xxx/CVE-2014-9581.json +++ b/2014/9xxx/CVE-2014-9581.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35585", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35585", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35585" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2065.json b/2016/2xxx/CVE-2016-2065.json index a0ef0ad43b2..e72916889cc 100644 --- a/2016/2xxx/CVE-2016-2065.json +++ b/2016/2xxx/CVE-2016-2065.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88", - "refsource" : "CONFIRM", - "url" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88" - }, - { - "name" : "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve", - "refsource" : "CONFIRM", - "url" : 
"https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve" - }, - { - "name" : "92376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2064-cve" + }, + { + "name": "92376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92376" + }, + { + "name": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88", + "refsource": "CONFIRM", + "url": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2392.json b/2016/2xxx/CVE-2016-2392.json index 4d507633029..a736d98a885 100644 --- a/2016/2xxx/CVE-2016-2392.json +++ b/2016/2xxx/CVE-2016-2392.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160216 CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/16/7" - }, - { - "name" : "[qemu-devel] 20160211 [Qemu-devel] [PATCH] usb: check USB configuration descriptor object", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html" - }, - { - "name" : "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released", - "refsource" : "MLIST", - "url" : 
"http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1302299", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1302299" - }, - { - "name" : "GLSA-201604-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-01" - }, - { - "name" : "USN-2974-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2974-1" - }, - { - "name" : "83274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83274" + }, + { + "name": "[qemu-devel] 20160211 [Qemu-devel] [PATCH] usb: check USB configuration descriptor object", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html" + }, + { + "name": "[oss-security] 20160216 CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/16/7" + }, + { + "name": "GLSA-201604-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-01" + }, + { + "name": "USN-2974-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2974-1" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302299", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302299" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + }, + { + "name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2450.json b/2016/2xxx/CVE-2016-2450.json index c8565e1473c..2ecfb84062b 100644 --- a/2016/2xxx/CVE-2016-2450.json +++ b/2016/2xxx/CVE-2016-2450.json 
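Review bot: The one change of substance in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is hidden in a rewrite of all 102 lines for separator spacing and indentation, along with a reordering of `reference_data`, so a line-based review cannot tell it apart from formatting. The same pattern recurs in the hunks for CVE-2016-2450 (`security@android.com`), CVE-2016-2790 (`security@mozilla.org`), CVE-2016-6423 (`psirt@cisco.com`), CVE-2016-6672 (`security@android.com`) and CVE-2016-6749 (`security@google.com` to `security@android.com`). Consumers that key on `ASSIGNER` for CNA attribution will see these records change owner, so the commit message should say so, and the sync is better checked by comparing the parsed JSON of both sides than by reading the text diff. The new side of each file also ends without a newline (`\ No newline at end of file`); the closing `}` should be followed by one.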
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2790.json b/2016/2xxx/CVE-2016-2790.json index b16ab818c90..8f378bb78c2 100644 --- a/2016/2xxx/CVE-2016-2790.json +++ b/2016/2xxx/CVE-2016-2790.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - 
"name" : "DSA-3510", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3510" - }, - { - "name" : "DSA-3515", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3515" - }, - { - "name" : "DSA-3520", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3520" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "GLSA-201701-63", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-63" - }, - { - "name" : "openSUSE-SU-2016:0894", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" - }, - { - "name" : "openSUSE-SU-2016:1767", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:1769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:1778", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:0909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" - }, - { - "name" : "SUSE-SU-2016:0727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" - }, - { - "name" : "SUSE-SU-2016:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" - }, - { - "name" : "openSUSE-SU-2016:0731", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0733", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" - }, - { - "name" : 
"SUSE-SU-2016:0820", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" - }, - { - "name" : "openSUSE-SU-2016:0876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" - }, - { - "name" : "USN-2917-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-2" - }, - { - "name" : "USN-2917-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-3" - }, - { - "name" : "USN-2934-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2934-1" - }, - { - "name" : "USN-2917-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-1" - }, - { - "name" : "USN-2927-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2927-1" - }, - { - "name" : "84222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84222" - }, - { - "name" : "1035215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" + }, + { + "name": "84222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84222" + }, + { + "name": "SUSE-SU-2016:0820", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" + }, + { + "name": "openSUSE-SU-2016:1767", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "openSUSE-SU-2016:0731", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" + }, + { + "name": "SUSE-SU-2016:0727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" + }, + { + "name": "openSUSE-SU-2016:1778", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464" + }, + { + "name": "openSUSE-SU-2016:0876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" + }, + { + "name": "USN-2917-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-1" + }, + { + "name": "USN-2927-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2927-1" + }, + { + "name": "DSA-3520", + "refsource": "DEBIAN", + 
"url": "http://www.debian.org/security/2016/dsa-3520" + }, + { + "name": "openSUSE-SU-2016:1769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" + }, + { + "name": "SUSE-SU-2016:0909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" + }, + { + "name": "DSA-3510", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3510" + }, + { + "name": "openSUSE-SU-2016:0733", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" + }, + { + "name": "1035215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035215" + }, + { + "name": "SUSE-SU-2016:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "DSA-3515", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3515" + }, + { + "name": "USN-2934-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2934-1" + }, + { + "name": "GLSA-201701-63", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-63" + }, + { + "name": "USN-2917-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-2" + }, + { + "name": "USN-2917-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-3" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6318.json b/2016/6xxx/CVE-2016-6318.json index 60ee695cf2e..53a908b0768 100644 --- a/2016/6xxx/CVE-2016-6318.json +++ b/2016/6xxx/CVE-2016-6318.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160816 cracklib: Stack-based buffer overflow when parsing large GECOS field", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/16/2" - }, - { - "name" : "GLSA-201612-25", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-25" - }, - { - "name" : "openSUSE-SU-2016:2204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html" - }, - { - "name" : "92478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160816 cracklib: Stack-based buffer overflow when parsing large GECOS field", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/16/2" + }, + { + "name": "openSUSE-SU-2016:2204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html" + }, + { + "name": "92478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92478" + }, + { + "name": "GLSA-201612-25", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-25" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6390.json b/2016/6xxx/CVE-2016-6390.json index f2306f165b9..d1bbc05ca1b 100644 --- a/2016/6xxx/CVE-2016-6390.json +++ b/2016/6xxx/CVE-2016-6390.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6390", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-6390", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6423.json b/2016/6xxx/CVE-2016-6423.json index 264f9cc2947..9dd358fc6f2 100644 --- a/2016/6xxx/CVE-2016-6423.json +++ b/2016/6xxx/CVE-2016-6423.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161005 Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev" - }, - { - "name" : "93411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93411" - }, - { - "name" : "1036955", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of 
service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036955", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036955" + }, + { + "name": "93411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93411" + }, + { + "name": "20161005 Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6672.json b/2016/6xxx/CVE-2016-6672.json index 0a576f0e764..ce28222e365 100644 --- a/2016/6xxx/CVE-2016-6672.json +++ b/2016/6xxx/CVE-2016-6672.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "93338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93338" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6749.json b/2016/6xxx/CVE-2016-6749.json index ddc691fc30b..b3c72301dc0 100644 --- a/2016/6xxx/CVE-2016-6749.json +++ b/2016/6xxx/CVE-2016-6749.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "94139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94139" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7178.json b/2016/7xxx/CVE-2016-7178.json index 17ffb5d54af..6bd846d167c 100644 --- a/2016/7xxx/CVE-2016-7178.json +++ b/2016/7xxx/CVE-2016-7178.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12751", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12751" - }, - { - "name" : "https://code.wireshark.org/review/17094", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/17094" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=315bba7c645b75af24215c6303d187b188610bba", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=315bba7c645b75af24215c6303d187b188610bba" - }, - { - "name" : 
"https://www.wireshark.org/security/wnpa-sec-2016-53.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2016-53.html" - }, - { - "name" : "DSA-3671", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3671" - }, - { - "name" : "1036760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-53.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-53.html" + }, + { + "name": "https://code.wireshark.org/review/17094", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/17094" + }, + { + "name": "1036760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036760" + }, + { + "name": "DSA-3671", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3671" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=315bba7c645b75af24215c6303d187b188610bba", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=315bba7c645b75af24215c6303d187b188610bba" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12751", + "refsource": "CONFIRM", + "url": 
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12751" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7511.json b/2016/7xxx/CVE-2016-7511.json index e99190f72d0..a58b83b3404 100644 --- a/2016/7xxx/CVE-2016-7511.json +++ b/2016/7xxx/CVE-2016-7511.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/libdwarf/bugs/3/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/libdwarf/bugs/3/" - }, - { - "name" : "https://www.prevanders.net/dwarfbug.html#DW201609-002", - "refsource" : "CONFIRM", - "url" : "https://www.prevanders.net/dwarfbug.html#DW201609-002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.prevanders.net/dwarfbug.html#DW201609-002", + "refsource": "CONFIRM", + "url": "https://www.prevanders.net/dwarfbug.html#DW201609-002" + }, + { + "name": "https://sourceforge.net/p/libdwarf/bugs/3/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/libdwarf/bugs/3/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5060.json b/2017/5xxx/CVE-2017-5060.json index 74cff9ddde6..621748ef1ad 100644 --- a/2017/5xxx/CVE-2017-5060.json +++ b/2017/5xxx/CVE-2017-5060.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Policy Enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/683314", - "refsource" : "MISC", - "url" : 
"https://crbug.com/683314" - }, - { - "name" : "GLSA-201705-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-02" - }, - { - "name" : "RHSA-2017:1124", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1124" - }, - { - "name" : "97939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97939" - }, - { - "name" : "1038317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Policy Enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1124", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1124" + }, + { + "name": "GLSA-201705-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-02" + }, + { + "name": "https://crbug.com/683314", + "refsource": "MISC", + "url": "https://crbug.com/683314" + }, + { + "name": "1038317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038317" + }, + { + "name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" + }, + { + "name": "97939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97939" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5359.json b/2017/5xxx/CVE-2017-5359.json index 156c455e7d6..bc2da348988 100644 --- a/2017/5xxx/CVE-2017-5359.json +++ b/2017/5xxx/CVE-2017-5359.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170304 EasyCom SQL iPlug Denial Of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/540218/100/0/threaded" - }, - { - "name" : "41426", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41426/" - }, - { - "name" : "20170222 EasyCom SQL iPlug Denial Of Service", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/61" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/141300/EasyCom-SQL-iPlug-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/141300/EasyCom-SQL-iPlug-Denial-Of-Service.html" - }, - { - "name" : "96420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt" + }, + { + "name": "http://packetstormsecurity.com/files/141300/EasyCom-SQL-iPlug-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141300/EasyCom-SQL-iPlug-Denial-Of-Service.html" + }, + { + "name": "20170304 EasyCom SQL iPlug Denial Of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/540218/100/0/threaded" + }, + { + "name": "20170222 EasyCom SQL iPlug Denial Of Service", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/61" + }, + { + "name": "41426", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41426/" + }, + { + "name": "96420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96420" + } + ] + } +} \ No newline at end of file