From 9ed5a6fe2ebcdd22fc13854dac5fe86b45efcba1 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 02:21:22 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0220.json | 140 ++++++-------
 2006/1xxx/CVE-2006-1418.json | 170 ++++++++--------
 2006/1xxx/CVE-2006-1652.json | 230 ++++++++++-----------
 2006/1xxx/CVE-2006-1980.json | 170 ++++++++--------
 2006/5xxx/CVE-2006-5159.json | 200 +++++++++---------
 2006/5xxx/CVE-2006-5263.json | 160 +++++++--------
 2006/5xxx/CVE-2006-5527.json | 190 +++++++++---------
 2006/5xxx/CVE-2006-5686.json | 34 ++--
 2006/5xxx/CVE-2006-5894.json | 170 ++++++++--------
 2007/2xxx/CVE-2007-2135.json | 170 ++++++++--------
 2007/2xxx/CVE-2007-2224.json | 190 +++++++++---------
 2007/2xxx/CVE-2007-2608.json | 160 +++++++--------
 2007/2xxx/CVE-2007-2804.json | 170 ++++++++--------
 2010/0xxx/CVE-2010-0262.json | 160 +++++++--------
 2010/0xxx/CVE-2010-0334.json | 120 +++++------
 2010/1xxx/CVE-2010-1039.json | 380 +++++++++++++++++------------------
 2010/1xxx/CVE-2010-1339.json | 120 +++++------
 2010/1xxx/CVE-2010-1484.json | 34 ++--
 2010/1xxx/CVE-2010-1973.json | 140 ++++++-------
 2010/3xxx/CVE-2010-3953.json | 34 ++--
 2010/4xxx/CVE-2010-4245.json | 34 ++--
 2010/4xxx/CVE-2010-4637.json | 160 +++++++--------
 2010/4xxx/CVE-2010-4704.json | 270 ++++++++++++-------------
 2010/4xxx/CVE-2010-4780.json | 190 +++++++++---------
 2010/4xxx/CVE-2010-4781.json | 170 ++++++++--------
 2014/0xxx/CVE-2014-0004.json | 190 +++++++++---------
 2014/0xxx/CVE-2014-0034.json | 200 +++++++++---------
 2014/0xxx/CVE-2014-0725.json | 120 +++++------
 2014/0xxx/CVE-2014-0967.json | 130 ++++++------
 2014/4xxx/CVE-2014-4372.json | 190 +++++++++---------
 2014/8xxx/CVE-2014-8575.json | 34 ++--
 2014/8xxx/CVE-2014-8984.json | 34 ++--
 2014/9xxx/CVE-2014-9402.json | 190 +++++++++---------
 2014/9xxx/CVE-2014-9695.json | 120 +++++------
 2014/9xxx/CVE-2014-9715.json | 230 ++++++++++-----------
 2014/9xxx/CVE-2014-9862.json | 200 +++++++++---------
 2016/3xxx/CVE-2016-3355.json | 140 ++++++-------
 2016/3xxx/CVE-2016-3374.json | 170 ++++++++--------
 2016/3xxx/CVE-2016-3594.json | 170 ++++++++--------
 2016/3xxx/CVE-2016-3692.json | 34 ++--
 2016/3xxx/CVE-2016-3872.json | 150 +++++++-------
 2016/6xxx/CVE-2016-6153.json | 200 +++++++++---------
 2016/6xxx/CVE-2016-6422.json | 140 ++++++-------
 2016/6xxx/CVE-2016-6444.json | 130 ++++++------
 2016/6xxx/CVE-2016-6751.json | 136 ++++++-------
 2016/7xxx/CVE-2016-7455.json | 34 ++--
 2016/8xxx/CVE-2016-8110.json | 34 ++--
 2016/8xxx/CVE-2016-8725.json | 120 +++++------
 2016/8xxx/CVE-2016-8870.json | 200 +++++++++---------
 2016/8xxx/CVE-2016-8909.json | 200 +++++++++---------
 50 files changed, 3731 insertions(+), 3731 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0220.json b/2006/0xxx/CVE-2006-0220.json
index 4eefe556de7..2b05df3d649 100644
--- a/2006/0xxx/CVE-2006-0220.json
+++ b/2006/0xxx/CVE-2006-0220.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060113 DCP Portal Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421914/100/0/threaded" - }, - { - "name" : "16232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16232" - }, - { - "name" : "dcpportal-calendar-search-xss(24153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16232" + }, + { + "name": "dcpportal-calendar-search-xss(24153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153" + }, + { + "name": "20060113 DCP Portal Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1418.json b/2006/1xxx/CVE-2006-1418.json index 02157133a8e..2b85afbc4de 100644 --- a/2006/1xxx/CVE-2006-1418.json +++ b/2006/1xxx/CVE-2006-1418.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html" - }, - { - "name" : "17257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17257" - }, - { - "name" : "ADV-2006-1095", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1095" - }, - { - "name" : "24128", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24128" - }, - { - "name" : "19381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19381" - }, - { - "name" : "eschoolmanagementsystem-default-xss(25469)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "eschoolmanagementsystem-default-xss(25469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25469" + }, + { + "name": "24128", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24128" + }, + { + "name": "17257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17257" + }, + { + "name": "ADV-2006-1095", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1095" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html" + }, + { + "name": "19381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19381" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1652.json b/2006/1xxx/CVE-2006-1652.json index b33d11e5553..3a623f1a86b 100644 --- a/2006/1xxx/CVE-2006-1652.json +++ b/2006/1xxx/CVE-2006-1652.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429930/100/0/threaded" - }, - { - "name" : "20060405 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430287/100/0/threaded" - }, - { - "name" : "20060411 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430711/100/0/threaded" - }, - { - "name" : "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044901.html" - }, - { - "name" : "1642", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1642" - }, - { - "name" : "1643", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1643" - }, - { - "name" : "17378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17378" - }, - { - "name" : "ADV-2006-1240", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1240" - }, - { - "name" : "19513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19513" - }, - { - "name" : "674", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/674" - }, - { - "name" : "ultr@vnc-vnclogreallyprint-bo(25650)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25650" - }, - { - "name" : "untr@vnc-error-bo(25648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1642", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1642" + }, + { + "name": "untr@vnc-error-bo(25648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25648" + }, + { + "name": "1643", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1643" + }, + { + "name": "ultr@vnc-vnclogreallyprint-bo(25650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25650" + }, + { + "name": "19513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19513" + }, + { + "name": "20060411 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430711/100/0/threaded" + }, + { + "name": "20060405 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/430287/100/0/threaded" + }, + { + "name": "ADV-2006-1240", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1240" + }, + { + "name": "674", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/674" + }, + { + "name": "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429930/100/0/threaded" + }, + { + "name": "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044901.html" + }, + { + "name": "17378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17378" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1980.json b/2006/1xxx/CVE-2006-1980.json index 0cd34990a94..7f0065a57d5 100644 --- a/2006/1xxx/CVE-2006-1980.json +++ b/2006/1xxx/CVE-2006-1980.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html" - }, - { - "name" : "17626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17626" - }, - { - "name" : "ADV-2006-1445", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1445" - }, - { - "name" : "24759", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24759" - }, - { - "name" : "19717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19717" - }, - { - "name" : "w2bonlinebanking-sid-xss(25947)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html" + }, + { + "name": "ADV-2006-1445", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1445" + }, + { + "name": "24759", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24759" + }, + { + "name": "19717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19717" + }, + { + "name": "w2bonlinebanking-sid-xss(25947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947" + }, + { + "name": "17626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17626" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5159.json b/2006/5xxx/CVE-2006-5159.json index 9b7a1bd9e53..41361a51fd7 100644 --- a/2006/5xxx/CVE-2006-5159.json +++ b/2006/5xxx/CVE-2006-5159.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that \"we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources\"." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061001 0day in Firefox from ToorCon '06", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447497/100/0/threaded" - }, - { - "name" : "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447493/100/0/threaded" - }, - { - "name" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/", - "refsource" : "MISC", - "url" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/" - }, - { - "name" : "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html", - "refsource" : "MISC", - "url" : "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html" - }, - { - "name" : "20282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20282" - }, - { - "name" : "20294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20294" - }, - { - "name" : "1016962", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016962" - }, - { - "name" : "1678", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1678" - }, - { - "name" : "firefox-multiple-javascript-bo(29317)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that \"we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "firefox-multiple-javascript-bo(29317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29317" + }, + { + "name": "20282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20282" + }, + { + "name": "1016962", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016962" + }, + { + "name": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/", + "refsource": "MISC", + "url": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/" + }, + { + "name": "20061001 0day in Firefox from ToorCon '06", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447497/100/0/threaded" + }, + { + "name": "1678", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1678" + }, + { + "name": 
"http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html", + "refsource": "MISC", + "url": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html" + }, + { + "name": "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447493/100/0/threaded" + }, + { + "name": "20294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20294" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5263.json b/2006/5xxx/CVE-2006-5263.json index d000d54eeeb..51d64b4d93a 100644 --- a/2006/5xxx/CVE-2006-5263.json +++ b/2006/5xxx/CVE-2006-5263.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2500", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2500" - }, - { - "name" : "20453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20453" - }, - { - "name" : "ADV-2006-4005", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4005" - }, - { - "name" : "22346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22346" - }, - { - "name" : "phpmyagenda-header-file-include(29413)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29413" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2500", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2500" + }, + { + "name": "22346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22346" + }, + { + "name": "ADV-2006-4005", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4005" + }, + { + "name": "20453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20453" + }, + { + "name": "phpmyagenda-header-file-include(29413)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29413" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5527.json b/2006/5xxx/CVE-2006-5527.json index 6067ce87a71..14e8de8fcfc 100644 --- a/2006/5xxx/CVE-2006-5527.json +++ b/2006/5xxx/CVE-2006-5527.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061024 InteliEditor (sys_path) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449578/100/0/threaded" - }, - { - "name" : "2630", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2630" - }, - { - "name" : "20703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20703" - }, - { - "name" : "ADV-2006-4179", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4179" - }, - { - "name" : "1017117", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017117" - }, - { - "name" : "22428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22428" - }, - { - "name" : 
"1785", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1785" - }, - { - "name" : "intelieditor-libeditor-file-include(29755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017117", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017117" + }, + { + "name": "22428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22428" + }, + { + "name": "1785", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1785" + }, + { + "name": "ADV-2006-4179", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4179" + }, + { + "name": "20703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20703" + }, + { + "name": "2630", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2630" + }, + { + "name": "intelieditor-libeditor-file-include(29755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29755" + }, + { + "name": "20061024 InteliEditor (sys_path) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449578/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5686.json b/2006/5xxx/CVE-2006-5686.json index dd0b88ba3b8..f1cb1cb66db 100644 --- a/2006/5xxx/CVE-2006-5686.json +++ b/2006/5xxx/CVE-2006-5686.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5686", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-5686", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5894.json b/2006/5xxx/CVE-2006-5894.json index d9a6077d09b..0ec069849b7 100644 --- a/2006/5xxx/CVE-2006-5894.json +++ b/2006/5xxx/CVE-2006-5894.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2760", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2760" - }, - { - "name" : "http://www.rahim.webd.pl/exploit127.html", - "refsource" : "MISC", - "url" : "http://www.rahim.webd.pl/exploit127.html" - }, - { - "name" : "21009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21009" - }, - { - "name" : "ADV-2006-4473", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4473" - }, - { - "name" : "22847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22847" - }, - { - "name" : 
"ramacms-lang-file-include(30183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21009" + }, + { + "name": "ADV-2006-4473", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4473" + }, + { + "name": "22847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22847" + }, + { + "name": "2760", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2760" + }, + { + "name": "http://www.rahim.webd.pl/exploit127.html", + "refsource": "MISC", + "url": "http://www.rahim.webd.pl/exploit127.html" + }, + { + "name": "ramacms-lang-file-include(30183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30183" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2135.json b/2007/2xxx/CVE-2007-2135.json index 0b182f0eef8..4e3d5735553 100644 --- a/2007/2xxx/CVE-2007-2135.json +++ b/2007/2xxx/CVE-2007-2135.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070418 ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466215/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html", - "refsource" : "MISC", - "url" : "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", - "refsource" : "MISC", - 
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html" - }, - { - "name" : "39959", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39959" - }, - { - "name" : "2612", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html", + "refsource": "MISC", + "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html" + }, + { + "name": "2612", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2612" + }, + { + "name": "20070418 ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466215/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html" + }, + { + "name": "39959", + "refsource": "OSVDB", + "url": "http://osvdb.org/39959" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2224.json b/2007/2xxx/CVE-2007-2224.json index 21d2881dabe..e309f5c7e57 100644 --- a/2007/2xxx/CVE-2007-2224.json +++ b/2007/2xxx/CVE-2007-2224.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-2224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476527/100/0/threaded" - }, - { - "name" : "MS07-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-043" - }, - { - "name" : "TA07-226A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" - }, - { - "name" : "25282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25282" - }, - { - "name" : 
"ADV-2007-2867", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2867" - }, - { - "name" : "oval:org.mitre.oval:def:1248", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1248" - }, - { - "name" : "1018560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018560" - }, - { - "name" : "26449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS07-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-043" + }, + { + "name": "26449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26449" + }, + { + "name": "1018560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018560" + }, + { + "name": "TA07-226A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" + }, + { + "name": "oval:org.mitre.oval:def:1248", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1248" + }, + { + "name": "ADV-2007-2867", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2867" + }, + { + "name": "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded" + }, + { + "name": "25282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25282" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2608.json b/2007/2xxx/CVE-2007-2608.json index 459cbaae4e6..76517609393 100644 --- a/2007/2xxx/CVE-2007-2608.json +++ b/2007/2xxx/CVE-2007-2608.json 
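Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and as far as the visible lines show it is the only field whose value differs; the rest is the `" : "` to `": "` spacing change and a reordering of the same eight `reference_data` entries. The same kind of reassignment appears in the CVE-2010-0262 hunk (also to `secure@microsoft.com`) and in the CVE-2010-1039 hunk (to `hp-security-alert@hp.com`), while the commit subject says only "-Synchronized-Data.". Consumers that attribute or filter records by assigning CNA will see these entries change owner, so the commit message should list the reassigned IDs and where the new value comes from, or the reassignments should land separately from the formatting pass. The new side also ends with `\ No newline at end of file`; keeping the trailing newline would avoid one more changed line per record.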
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3878", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3878" - }, - { - "name" : "23884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23884" - }, - { - "name" : "ADV-2007-1737", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1737" - }, - { - "name" : "37789", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37789" - }, - { - "name" : "miplex2-smartyfuclass-file-include(34172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37789", + "refsource": "OSVDB", + "url": "http://osvdb.org/37789" + }, + { + "name": "ADV-2007-1737", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1737" + }, + { + "name": "miplex2-smartyfuclass-file-include(34172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34172" + }, + { + "name": "23884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23884" + }, + { + "name": "3878", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3878" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2804.json b/2007/2xxx/CVE-2007-2804.json index c9c277e2065..c1ba4aa806b 100644 --- a/2007/2xxx/CVE-2007-2804.json +++ b/2007/2xxx/CVE-2007-2804.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html" - }, - { - "name" : "24069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24069" - }, - { - "name" : "36234", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36234" - }, - { - "name" : "ADV-2007-1881", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1881" - }, - { - "name" : "25370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25370" - }, - { - "name" : "candypress-prodlist-xss(34389)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1881", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1881" + }, + { + "name": "25370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25370" + }, + { + "name": "candypress-prodlist-xss(34389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34389" + }, + { + "name": "24069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24069" + }, + { + "name": "36234", + "refsource": "OSVDB", + "url": "http://osvdb.org/36234" + }, + { + "name": "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0262.json b/2010/0xxx/CVE-2010-0262.json index 9a25f6826ef..9eefbe96b47 100644 --- a/2010/0xxx/CVE-2010-0262.json +++ b/2010/0xxx/CVE-2010-0262.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka \"Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100309 Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860" - }, - { - "name" : "MS10-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017" - }, - { - "name" : "TA10-068A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8562", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562" - }, - { - "name" : "1023698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka \"Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100309 Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860" + }, + { + "name": "MS10-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017" + }, + { + "name": "TA10-068A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" + }, + { + "name": "oval:org.mitre.oval:def:8562", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562" + }, + { + "name": "1023698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023698" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0334.json b/2010/0xxx/CVE-2010-0334.json index 14706e6a0c2..e390510203f 100644 --- a/2010/0xxx/CVE-2010-0334.json +++ b/2010/0xxx/CVE-2010-0334.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1039.json b/2010/1xxx/CVE-2010-1039.json index 37dc822e916..dfc84dd0c6f 100644 --- a/2010/1xxx/CVE-2010-1039.json +++ b/2010/1xxx/CVE-2010-1039.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511405/100/0/threaded" - }, - { - "name" : "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html", - "refsource" : "MISC", - "url" : "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc", - "refsource" : "CONFIRM", - "url" : 
"http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088" - }, - { - "name" : "IZ73590", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73590" - }, - { - "name" : "IZ73599", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73599" - }, - { - "name" : "IZ73681", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73681" - }, - { - "name" : "IZ73757", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73757" - }, - { - "name" : "IZ73874", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73874" - }, - { - "name" : "IZ75369", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ75369" - }, - { - "name" : "IZ75440", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ75440" - }, - { - "name" : "IZ75465", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ75465" - }, - { - "name" : "HPSBUX02523", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127428077629933&w=2" - }, - { - "name" : "SSRT100036", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127428077629933&w=2" - }, - { - "name" : "40248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40248" - }, - { - "name" : "64729", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64729" - }, - { - "name" : "oval:org.mitre.oval:def:11986", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986" - }, - { - "name" : "oval:org.mitre.oval:def:12103", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103" - }, - { - "name" : "1024016", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024016" - }, - { - "name" : "1023994", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023994" - }, - { - "name" : "39835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39835" - }, - { - "name" : "39911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39911" - }, - { - "name" : "ADV-2010-1213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1213" - }, - { - "name" : "ADV-2010-1199", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1199" - }, - { - "name" : "ADV-2010-1211", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1211" - }, - { - "name" : "ADV-2010-1212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1212" - }, - { - "name" : "hpux-nfsoncplus-privilege-escalation(58718)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64729", + "refsource": "OSVDB", + "url": "http://osvdb.org/64729" + }, + { + "name": "IZ75440", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75440" + }, + { + "name": "39911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39911" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088" + }, + { + "name": "oval:org.mitre.oval:def:11986", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986" + }, + { + "name": "40248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40248" + }, + { + "name": "1023994", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023994" + }, + { + "name": "IZ75369", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75369" + }, + { + "name": "ADV-2010-1213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1213" + }, + { + "name": "IZ73757", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73757" + }, + { + "name": "IZ73599", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73599" + }, + { + "name": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html", + "refsource": "MISC", + "url": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html" + }, + { + "name": "20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511405/100/0/threaded" + }, + { + "name": 
"HPSBUX02523", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127428077629933&w=2" + }, + { + "name": "oval:org.mitre.oval:def:12103", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103" + }, + { + "name": "IZ75465", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75465" + }, + { + "name": "IZ73874", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73874" + }, + { + "name": "SSRT100036", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127428077629933&w=2" + }, + { + "name": "ADV-2010-1199", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1199" + }, + { + "name": "39835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39835" + }, + { + "name": "hpux-nfsoncplus-privilege-escalation(58718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58718" + }, + { + "name": "1024016", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024016" + }, + { + "name": "ADV-2010-1212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1212" + }, + { + "name": "ADV-2010-1211", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1211" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc" + }, + { + "name": "IZ73590", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73590" + }, + { + "name": "IZ73681", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73681" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1339.json b/2010/1xxx/CVE-2010-1339.json index dbcca382ffe..699968cf88b 100644 --- a/2010/1xxx/CVE-2010-1339.json 
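Review bot: `CVE_data_meta.ASSIGNER` changes from `cve@mitre.org` to `hp-security-alert@hp.com` at the top of this hunk, and it appears to be the only value change in a hunk that otherwise re-indents the record and reorders `reference_data`. The commit subject ("-Synchronized-Data.") does not mention it, so a reviewer who ignores whitespace, or who audits which CNA a record is attributed to, gets no stated reason for the reassignment; the sync tooling should commit provenance changes separately or list them in the message, e.g. `CVE-2010-1039: ASSIGNER cve@mitre.org -> hp-security-alert@hp.com`. The CVE-2010-1973 hunk further down makes the same ASSIGNER change. The shuffled reference order also looks like unordered serialization, and emitting `reference_data` in a stable order would keep future diffs down to real changes.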
+++ b/2010/1xxx/CVE-2010-1339.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly 
handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39009" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1484.json b/2010/1xxx/CVE-2010-1484.json index d5c3a122599..716659611d4 100644 --- a/2010/1xxx/CVE-2010-1484.json +++ b/2010/1xxx/CVE-2010-1484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1973.json b/2010/1xxx/CVE-2010-1973.json index 471a5c8ad0a..8da9f2bd5fe 100644 --- a/2010/1xxx/CVE-2010-1973.json +++ b/2010/1xxx/CVE-2010-1973.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBOV02539", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127905660900687&w=2" - }, - { - "name" : "SSRT090267", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127905660900687&w=2" - }, - { - "name" : "1024190", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and 
earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBOV02539", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127905660900687&w=2" + }, + { + "name": "1024190", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024190" + }, + { + "name": "SSRT090267", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127905660900687&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3953.json b/2010/3xxx/CVE-2010-3953.json index c43a48f4638..0da2fe57c4a 100644 --- a/2010/3xxx/CVE-2010-3953.json +++ b/2010/3xxx/CVE-2010-3953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3953", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3953", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4245.json b/2010/4xxx/CVE-2010-4245.json index e60708dbf09..c9e359462ec 100644 --- a/2010/4xxx/CVE-2010-4245.json 
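Review bot: The rewritten CVE-2010-3953 record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while every other record rewritten in this part of the patch keeps its keys in alphabetical order. That suggests this file went through a different serializer or code path than the rest, though this is inferred from the output alone. JSON key order carries no meaning, so a conforming parser is unaffected, but byte-level hashes or signatures over these files will vary by code path. Writing all records with one sorted-key serializer, with `"CVE_data_meta"` first as in the neighbouring files, would keep the corpus uniform.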
+++ b/2010/4xxx/CVE-2010-4245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4637.json b/2010/4xxx/CVE-2010-4637.json index c87e52b3702..85c29e2c1c7 100644 --- a/2010/4xxx/CVE-2010-4637.json +++ b/2010/4xxx/CVE-2010-4637.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt" - }, - { - "name" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56", - "refsource" : "MISC", - "url" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56" - }, - { - "name" : "69071", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69071" - }, - { - "name" : "42197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42197" - }, - { - "name" : "feedlist-handlerimage-xss(63055)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/63055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42197" + }, + { + "name": "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt" + }, + { + "name": "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56", + "refsource": "MISC", + "url": "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56" + }, + { + "name": "feedlist-handlerimage-xss(63055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63055" + }, + { + "name": "69071", + "refsource": "OSVDB", + "url": "http://osvdb.org/69071" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4704.json b/2010/4xxx/CVE-2010-4704.json index 901d3216831..89c4b8171cb 100644 --- a/2010/4xxx/CVE-2010-4704.json +++ b/2010/4xxx/CVE-2010-4704.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078", - "refsource" : "CONFIRM", - "url" : "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078" - }, - { - "name" : "https://roundup.ffmpeg.org/issue2322", - "refsource" : "CONFIRM", - "url" : "https://roundup.ffmpeg.org/issue2322" - }, - { - "name" : "http://ffmpeg.mplayerhq.hu/", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.mplayerhq.hu/" - }, - { - "name" : "DSA-2165", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2165" - }, - { - "name" : "DSA-2306", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2011/dsa-2306" - }, - { - "name" : "MDVSA-2011:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" - }, - { - "name" : "MDVSA-2011:061", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" - }, - { - "name" : "MDVSA-2011:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" - }, - { - "name" : "MDVSA-2011:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" - }, - { - "name" : "MDVSA-2011:089", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" - }, - { - "name" : "MDVSA-2011:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" - }, - { - "name" : "MDVSA-2011:114", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" - }, - { - "name" : "USN-1104-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-1104-1/" - }, - { - "name" : "46294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46294" - }, - { - "name" : "43323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43323" - }, - { - "name" : "ADV-2011-1241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" + }, + { + "name": "DSA-2306", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2306" + }, + { + "name": "MDVSA-2011:061", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" + }, + { + "name": "https://roundup.ffmpeg.org/issue2322", + "refsource": "CONFIRM", + "url": "https://roundup.ffmpeg.org/issue2322" + }, + { + "name": "MDVSA-2011:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" + }, + { + "name": "MDVSA-2011:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" + }, + { + "name": "MDVSA-2011:114", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" + }, + { + "name": "43323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43323" + }, + { + "name": "USN-1104-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-1104-1/" + }, + { + "name": "MDVSA-2011:089", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" + }, + { + "name": "http://ffmpeg.mplayerhq.hu/", + "refsource": "CONFIRM", + "url": "http://ffmpeg.mplayerhq.hu/" + }, + { + "name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078", + "refsource": "CONFIRM", + "url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078" + }, + { + "name": "DSA-2165", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2165" + }, + { + "name": "ADV-2011-1241", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2011/1241" + }, + { + "name": "46294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46294" + }, + { + "name": "MDVSA-2011:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4780.json b/2010/4xxx/CVE-2010-4780.json index 783d1a8744e..ebb95def44e 100644 --- a/2010/4xxx/CVE-2010-4780.json +++ b/2010/4xxx/CVE-2010-4780.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15645", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15645" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html" - }, - { - "name" : 
"http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released", - "refsource" : "CONFIRM", - "url" : "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released" - }, - { - "name" : "45120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45120" - }, - { - "name" : "69537", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69537" - }, - { - "name" : "42375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42375" - }, - { - "name" : "8183", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15645", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15645" + }, + { + "name": "42375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42375" + }, + { + "name": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released", + "refsource": "CONFIRM", + "url": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released" + }, + { + "name": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt" + }, + { + "name": "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html" + }, + { + "name": "69537", + "refsource": "OSVDB", + "url": "http://osvdb.org/69537" + }, + { + "name": "8183", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8183" + }, + { + "name": "45120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45120" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4781.json b/2010/4xxx/CVE-2010-4781.json index 5382ed076e3..705b1be5da9 100644 --- a/2010/4xxx/CVE-2010-4781.json +++ b/2010/4xxx/CVE-2010-4781.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15645", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15645" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html" - }, - { - "name" : "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released", - "refsource" : "CONFIRM", - "url" : 
"http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released" - }, - { - "name" : "45120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45120" - }, - { - "name" : "8183", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15645", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15645" + }, + { + "name": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released", + "refsource": "CONFIRM", + "url": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released" + }, + { + "name": "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html" + }, + { + "name": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt" + }, + { + "name": "8183", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8183" + }, + { + "name": "45120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45120" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/0xxx/CVE-2014-0004.json b/2014/0xxx/CVE-2014-0004.json
index 9427f0301af..1010f2aaacc 100644
--- a/2014/0xxx/CVE-2014-0004.json
+++ b/2014/0xxx/CVE-2014-0004.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html" - }, - { - "name" : "DSA-2872", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2872" - }, - { - "name" : "RHSA-2014:0293", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0293.html" - }, - { - "name" : "openSUSE-SU-2014:0388", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html" - }, - { - "name" : "openSUSE-SU-2014:0389", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html" - }, - { - "name" : 
"openSUSE-SU-2014:0390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html" - }, - { - "name" : "USN-2142-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2142-1" - }, - { - "name" : "66081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html" + }, + { + "name": "openSUSE-SU-2014:0389", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html" + }, + { + "name": "openSUSE-SU-2014:0388", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html" + }, + { + "name": "RHSA-2014:0293", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0293.html" + }, + { + "name": "[devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html" + }, + { + "name": "USN-2142-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2142-1" + }, + { + "name": "66081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66081" + }, + { + "name": "DSA-2872", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2872" + } + ] + } +} \ No newline at end of file 
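Review bot: The one value that changes in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is buried in a whole-file rewrite whose other lines differ only in separator spacing (`" : "` to `": "`), indentation and the order of `reference_data`. A subject of "-Synchronized-Data." tells a consumer who tracks CNA attribution nothing about it, so the change is only found by comparing parsed JSON rather than text. I would either land the reformatting and the attribution update as separate commits or name the change in the message, for example `CVE-2014-0004: ASSIGNER cve@mitre.org -> secalert@redhat.com`. The same applies to the hunks for CVE-2014-0034, CVE-2014-0725, CVE-2014-0967, CVE-2014-4372 and CVE-2014-9402, where `ASSIGNER` also changes.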
diff --git a/2014/0xxx/CVE-2014-0034.json b/2014/0xxx/CVE-2014-0034.json
index 4d424062c0d..4d1d6a5f659 100644
--- a/2014/0xxx/CVE-2014-0034.json
+++ b/2014/0xxx/CVE-2014-0034.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1551228", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1551228" - }, - { - "name" : "RHSA-2014:0797", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0797.html" - }, - { - "name" : "RHSA-2014:0798", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0798.html" - }, - { - "name" : "RHSA-2014:0799", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-0799.html" - }, - { - "name" : "RHSA-2014:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1351.html" - }, - { - "name" : "RHSA-2015:0850", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html" - }, - { - "name" : "RHSA-2015:0851", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html" - }, - { - "name" : "68441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0798", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html" + }, + { + "name": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc" + }, + { + "name": "68441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68441" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1551228", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1551228" + }, + { + "name": "RHSA-2015:0850", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html" + }, + { + "name": "RHSA-2014:0797", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html" + }, + { + "name": "RHSA-2015:0851", + "refsource": "REDHAT", + 
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html" + }, + { + "name": "RHSA-2014:0799", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html" + }, + { + "name": "RHSA-2014:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0725.json b/2014/0xxx/CVE-2014-0725.json index 46aea529891..88e4ce98d8d 100644 --- a/2014/0xxx/CVE-2014-0725.json +++ b/2014/0xxx/CVE-2014-0725.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-0725",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a \"file storage location,\" aka Bug ID CSCum05337."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2014-0725",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a \"file storage location,\" aka Bug ID CSCum05337."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/0xxx/CVE-2014-0967.json b/2014/0xxx/CVE-2014-0967.json
index 0f9746e95f9..26747d90d93 100644
--- a/2014/0xxx/CVE-2014-0967.json
+++ b/2014/0xxx/CVE-2014-0967.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677300", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677300" - }, - { - "name" : "ibm-imdm-cve20140967-xss(92882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - 
Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677300", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677300" + }, + { + "name": "ibm-imdm-cve20140967-xss(92882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92882" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4372.json b/2014/4xxx/CVE-2014-4372.json index a0596357aba..4bc5830cffe 100644 --- a/2014/4xxx/CVE-2014-4372.json +++ b/2014/4xxx/CVE-2014-4372.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69923", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/69923" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144372-symlink(96082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "69923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69923" + }, + { + "name": "appleios-cve20144372-symlink(96082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96082" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8575.json b/2014/8xxx/CVE-2014-8575.json index aa9ffcf5912..9a4346c2814 100644 
--- a/2014/8xxx/CVE-2014-8575.json
+++ b/2014/8xxx/CVE-2014-8575.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8575",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8575",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8984.json b/2014/8xxx/CVE-2014-8984.json
index 6ac8a5ce8fc..7ab70ec965a 100644
--- a/2014/8xxx/CVE-2014-8984.json
+++ b/2014/8xxx/CVE-2014-8984.json
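Review bot: The rewritten REJECT record for CVE-2014-8575 is serialized in a different key order from every PUBLIC record in this commit: it starts with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"`, whereas the other files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` sorted alphabetically. Key order carries no meaning in JSON, but two orderings in one repository suggest two different writers and make text diffs, byte-level comparison and hashing of records unreliable. I would emit these through the same sorted-key serializer as the rest, so the record opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`. The CVE-2014-8984 hunk that follows has the same ordering.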
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8984",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8984",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9402.json b/2014/9xxx/CVE-2014-9402.json
index 18e267a2b40..366444620a3 100644
--- a/2014/9xxx/CVE-2014-9402.json
+++ b/2014/9xxx/CVE-2014-9402.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141217 Re: CVE request: glibc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/18/1" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17630" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "GLSA-201602-02", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201602-02" - }, - { - "name" : "RHSA-2018:0805", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0805" - }, - { - "name" : "openSUSE-SU-2015:0351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html" - }, - { - "name" : "USN-2519-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2519-1" - }, - { - "name" : "71670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17630" + }, + { + "name": "openSUSE-SU-2015:0351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html" + }, + { + "name": "GLSA-201602-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201602-02" + }, + { + "name": "[oss-security] 20141217 Re: CVE request: glibc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/18/1" + }, + { + "name": "USN-2519-1", 
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2519-1"
+ },
+ {
+ "name": "71670",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/71670"
+ },
+ {
+ "name": "RHSA-2018:0805",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:0805"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9695.json b/2014/9xxx/CVE-2014-9695.json
index 2a0f3a25f1f..a75603fb15c 100644
--- a/2014/9xxx/CVE-2014-9695.json
+++ b/2014/9xxx/CVE-2014-9695.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2014-9695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2014-9695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/hw-408118", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/hw-408118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions 
could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/hw-408118", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/hw-408118" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9715.json b/2014/9xxx/CVE-2014-9715.json index a5088d09a46..a0cb50ee6d7 100644 --- a/2014/9xxx/CVE-2014-9715.json +++ b/2014/9xxx/CVE-2014-9715.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=netfilter-devel&m=140112364215200&w=2" - }, - { - "name" : "[oss-security] 20150407 CVE request netfilter connection tracking accounting.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/08/1" - }, - { - "name" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1208684", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1208684" - }, - { - "name" : "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3237", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3237" - }, - { - "name" : "RHSA-2015:1564", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1564.html" - }, - { - "name" : "RHSA-2015:1534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1534.html" - }, - { - "name" : "73953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73953" - }, - { - "name" : "1032415", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain 
extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73953" + }, + { + "name": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5" + }, + { + "name": "[netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)", + "refsource": "MLIST", + "url": "http://marc.info/?l=netfilter-devel&m=140112364215200&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "[oss-security] 20150407 CVE request netfilter connection tracking accounting.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/08/1" + }, + { + "name": "DSA-3237", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3237" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279" + }, + { + "name": "1032415", + 
"refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032415" + }, + { + "name": "RHSA-2015:1534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html" + }, + { + "name": "RHSA-2015:1564", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9862.json b/2014/9xxx/CVE-2014-9862.json index 9d6837de69a..92c3528f74c 100644 --- a/2014/9xxx/CVE-2014-9862.json +++ b/2014/9xxx/CVE-2014-9862.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998" - }, - { - "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=372525", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=372525" - }, - { - "name" : "https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659", - "refsource" : "CONFIRM", - "url" : 
"https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "FreeBSD-SA-16:25", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:25.bspatch.asc" - }, - { - "name" : "openSUSE-SU-2016:1977", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00026.html" - }, - { - "name" : "91824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91824" - }, - { - "name" : "1036438", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91824" + }, + { + "name": "FreeBSD-SA-16:25", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:25.bspatch.asc" + }, + { + "name": "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998" + }, + { + "name": "https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "1036438", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036438" + }, + { + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=372525", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=372525" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + }, + { + "name": "openSUSE-SU-2016:1977", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3355.json b/2016/3xxx/CVE-2016-3355.json index 2e1f1305bbf..75c1edbe05b 100644 --- a/2016/3xxx/CVE-2016-3355.json +++ b/2016/3xxx/CVE-2016-3355.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka \"GDI Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-106", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-106" - }, - { - "name" : "92787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92787" - }, - { - "name" : "1036786", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, 
Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka \"GDI Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036786", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036786" + }, + { + "name": "MS16-106", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-106" + }, + { + "name": "92787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3374.json b/2016/3xxx/CVE-2016-3374.json index 5d1e0665ce6..f622fe1236d 100644 --- a/2016/3xxx/CVE-2016-3374.json +++ b/2016/3xxx/CVE-2016-3374.json 
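Review bot: `ASSIGNER` becomes `secure@microsoft.com` in this hunk, but `vendor_name`, `product_name` and `version_value` under `affects` stay `n/a`, so the affected Windows releases exist only in the free-text description. Tooling that matches records to an asset inventory through the structured fields will not tie this entry to any product. The hunks for CVE-2016-3374, CVE-2016-3594 and CVE-2016-3872 show the same gap next to their new vendor assigners. If the sync source has the data, these fields should be filled from the assigner's record, for example `"vendor_name": "Microsoft"` in this file; until then, consumers need to fall back to the description text for these entries.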
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka \"PDF Library Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3370." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html", - "refsource" : "MISC", - "url" : "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html" - }, - { - "name" : "http://srcincite.io/advisories/src-2016-39/", - "refsource" : "MISC", - "url" : "http://srcincite.io/advisories/src-2016-39/" - }, - { - "name" : "MS16-105", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" - }, - { - "name" : "MS16-115", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115" - }, - { - "name" : "92838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92838" - }, - { - "name" : "1036789", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka \"PDF Library Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3370." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036789" + }, + { + "name": "MS16-115", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115" + }, + { + "name": "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html", + "refsource": "MISC", + "url": "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html" + }, + { + "name": "92838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92838" + }, + { + "name": "http://srcincite.io/advisories/src-2016-39/", + "refsource": "MISC", + "url": "http://srcincite.io/advisories/src-2016-39/" + }, + { + "name": "MS16-105", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/3xxx/CVE-2016-3594.json b/2016/3xxx/CVE-2016-3594.json index a6abacfb1b5..d6401b3616c 100644 --- a/2016/3xxx/CVE-2016-3594.json +++ b/2016/3xxx/CVE-2016-3594.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91939" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, 
CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" + }, + { + "name": "91939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91939" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3692.json b/2016/3xxx/CVE-2016-3692.json index c0999dc87cc..672f00d2c14 100644 --- a/2016/3xxx/CVE-2016-3692.json +++ b/2016/3xxx/CVE-2016-3692.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3692", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3692", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3872.json b/2016/3xxx/CVE-2016-3872.json index 0313664b3ec..86ba4f83287 100644 --- a/2016/3xxx/CVE-2016-3872.json +++ b/2016/3xxx/CVE-2016-3872.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad", - "refsource" : "CONFIRM", - "url" : 
"https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742" + }, + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6153.json b/2016/6xxx/CVE-2016-6153.json index ef01cb5586d..ce7a7dc4cf5 100644 --- a/2016/6xxx/CVE-2016-6153.json +++ b/2016/6xxx/CVE-2016-6153.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/01/2" - }, - { - "name" : "[oss-security] 20160701 SQLite Tempdir Selection Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/01/1" - }, - { - "name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", - "refsource" : "MISC", - "url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt" - }, - { - "name" : "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", - 
"refsource" : "CONFIRM", - "url" : "http://www.sqlite.org/cgi/src/info/67985761aa93fb61" - }, - { - "name" : "https://www.sqlite.org/releaselog/3_13_0.html", - "refsource" : "CONFIRM", - "url" : "https://www.sqlite.org/releaselog/3_13_0.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - }, - { - "name" : "FEDORA-2016-0138339b54", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/" - }, - { - "name" : "openSUSE-SU-2016:2041", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html" - }, - { - "name" : "91546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "openSUSE-SU-2016:2041", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html" + }, + { + "name": "https://www.sqlite.org/releaselog/3_13_0.html", + "refsource": "CONFIRM", + "url": "https://www.sqlite.org/releaselog/3_13_0.html" + }, + { + "name": "[oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/01/2" + }, + { + "name": "91546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91546" + }, + { + "name": "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", + "refsource": "CONFIRM", + "url": "http://www.sqlite.org/cgi/src/info/67985761aa93fb61" + }, + { + "name": "FEDORA-2016-0138339b54", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/" + }, + { + "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", + "refsource": "MISC", + "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt" + }, + { + "name": "[oss-security] 20160701 SQLite Tempdir Selection Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/01/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6422.json b/2016/6xxx/CVE-2016-6422.json index b874e086b77..58437fb4f96 100644 --- a/2016/6xxx/CVE-2016-6422.json +++ b/2016/6xxx/CVE-2016-6422.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6422",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2016-6422",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20161005 Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst"
- },
- {
- "name" : "93404",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93404"
- },
- {
- "name" : "1036954",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1036954"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20161005 Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst"
+ },
+ {
+ "name": "1036954",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1036954"
+ },
+ {
+ "name": "93404",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93404"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6444.json b/2016/6xxx/CVE-2016-6444.json
index ae091acbe25..754f949ec47 100644
--- a/2016/6xxx/CVE-2016-6444.json
+++ b/2016/6xxx/CVE-2016-6444.json
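Review bot: In CVE-2016-6422.json the new `affects` block still carries `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, even though this sync moves the assigner to `psirt@cisco.com` and the description names Cisco IOS 12.2(33)SXJ9 on 6500 and 7600 devices. Consumers that match records on the structured fields rather than on the free-text description will not tie this entry to any product, so affected systems can be missed in automated triage. If the upstream feed permits it, the fields could be filled from the description, for example `"product_name": "Cisco IOS"` and `"version_value": "12.2(33)SXJ9"`. The same gap appears in CVE-2016-6444.json (`"vendor_name": "n/a"`, and a `version_value` that repeats the product name with three versions in one string), and in CVE-2016-8870.json and CVE-2016-8909.json.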
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2016-6444",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Meeting Server 1.8, 1.9, 2.0",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Meeting Server 1.8, 1.9, 2.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "unspecified"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2016-6444",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Meeting Server 1.8, 1.9, 2.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Meeting Server 1.8, 1.9, 2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms"
- },
- {
- "name" : "93785",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93785"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "unspecified"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "93785",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93785"
+ },
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6751.json b/2016/6xxx/CVE-2016-6751.json
index 572599faf24..87594430dff 100644
--- a/2016/6xxx/CVE-2016-6751.json
+++ b/2016/6xxx/CVE-2016-6751.json
@@ -1,70 +1,70 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "ID" : "CVE-2016-6751",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Kernel-3.10"
- },
- {
- "version_value" : "Kernel-3.18"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "ID": "CVE-2016-6751",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Kernel-3.10"
+ },
+ {
+ "version_value": "Kernel-3.18"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2016-11-01.html",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2016-11-01.html"
- },
- {
- "name" : "94139",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94139"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/2016-11-01.html",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2016-11-01.html"
+ },
+ {
+ "name": "94139",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94139"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7455.json b/2016/7xxx/CVE-2016-7455.json
index a9b30746435..91ce5ffea8e 100644
--- a/2016/7xxx/CVE-2016-7455.json
+++ b/2016/7xxx/CVE-2016-7455.json
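Review bot: The new side of CVE-2016-6751.json ends on `}` with `\ No newline at end of file`, where the old side ended with a newline; the other file sections visible in this commit are re-serialised the same way. Line-oriented tools and naive concatenation of records behave better when each file ends with a final newline, and the missing one adds a changed last line to every future diff of these files. If the serializer that produces the sync can be configured, it should emit a trailing `\n` after the closing `}`.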
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7455",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-7455",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8110.json b/2016/8xxx/CVE-2016-8110.json
index bda25836dce..db17288ab84 100644
--- a/2016/8xxx/CVE-2016-8110.json
+++ b/2016/8xxx/CVE-2016-8110.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8110",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-8110",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8725.json b/2016/8xxx/CVE-2016-8725.json
index 574ddaf468d..7730fe5a5e6 100644
--- a/2016/8xxx/CVE-2016-8725.json
+++ b/2016/8xxx/CVE-2016-8725.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "talos-cna@cisco.com",
- "ID" : "CVE-2016-8725",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client",
- "version" : {
- "version_data" : [
- {
- "version_value" : "1.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Moxa"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "talos-cna@cisco.com",
+ "ID": "CVE-2016-8725",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Moxa"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0239/",
- "refsource" : "MISC",
- "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0239/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.talosintelligence.com/reports/TALOS-2016-0239/",
+ "refsource": "MISC",
+ "url": "http://www.talosintelligence.com/reports/TALOS-2016-0239/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8870.json b/2016/8xxx/CVE-2016-8870.json
index b55cb75579f..fd460e5c8c7 100644
--- a/2016/8xxx/CVE-2016-8870.json
+++ b/2016/8xxx/CVE-2016-8870.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8870",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-8870",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "40637",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/40637/"
- },
- {
- "name" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc",
- "refsource" : "MISC",
- "url" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
- },
- {
- "name" : "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html",
- "refsource" : "MISC",
- "url" : "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
- },
- {
- "name" : "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r",
- "refsource" : "MISC",
- "url" : "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
- },
- {
- "name" : "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html",
- "refsource" : "CONFIRM",
- "url" : "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
- },
- {
- "name" : "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
- },
- {
- "name" : "93876",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93876"
- },
- {
- "name" : "1037108",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037108"
- },
- {
- "name" : "1037107",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037107"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "93876",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93876"
+ },
+ {
+ "name": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html",
+ "refsource": "MISC",
+ "url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
+ },
+ {
+ "name": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html",
+ "refsource": "CONFIRM",
+ "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
+ },
+ {
+ "name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc",
+ "refsource": "MISC",
+ "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
+ },
+ {
+ "name": "40637",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/40637/"
+ },
+ {
+ "name": "1037108",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037108"
+ },
+ {
+ "name": "1037107",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037107"
+ },
+ {
+ "name": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
+ },
+ {
+ "name": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r",
+ "refsource": "MISC",
+ "url": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/8xxx/CVE-2016-8909.json b/2016/8xxx/CVE-2016-8909.json
index 51ba18fe73d..3ea99f26997 100644
--- a/2016/8xxx/CVE-2016-8909.json
+++ b/2016/8xxx/CVE-2016-8909.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-8909",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2016-8909",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20161024 CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/10/24/1"
- },
- {
- "name" : "[oss-security] 20161024 Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/10/24/4"
- },
- {
- "name" : "[qemu-devel] 20161020 [PATCH] audio: intel-hda: check stream entry count during transfer",
- "refsource" : "MLIST",
- "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
- },
- {
- "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
- },
- {
- "name" : "GLSA-201611-11",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201611-11"
- },
- {
- "name" : "RHSA-2017:2392",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2392"
- },
- {
- "name" : "RHSA-2017:2408",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2408"
- },
- {
- "name" : "openSUSE-SU-2016:3237",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
- },
- {
- "name" : "93842",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/93842"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20161024 Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/10/24/4"
+ },
+ {
+ "name": "GLSA-201611-11",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201611-11"
+ },
+ {
+ "name": "[oss-security] 20161024 CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/10/24/1"
+ },
+ {
+ "name": "RHSA-2017:2392",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2392"
+ },
+ {
+ "name": "openSUSE-SU-2016:3237",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
+ },
+ {
+ "name": "[qemu-devel] 20161020 [PATCH] audio: intel-hda: check stream entry count during transfer",
+ "refsource": "MLIST",
+ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
+ },
+ {
+ "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
+ },
+ {
+ "name": "RHSA-2017:2408",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2408"
+ },
+ {
+ "name": "93842",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/93842"
+ }
+ ]
+ }
+}
\ No newline at end of file