From a64ab8fc0b385b1a5c3a72bcea174587373198c3 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:49:12 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0236.json | 190 +++++++--------
 2006/0xxx/CVE-2006-0258.json | 200 ++++++++--------
 2006/0xxx/CVE-2006-0497.json | 170 +++++++-------
 2006/1xxx/CVE-2006-1526.json | 360 ++++++++++++++--------------
 2006/1xxx/CVE-2006-1994.json | 180 +++++++-------
 2006/3xxx/CVE-2006-3898.json | 160 ++++++-------
 2006/4xxx/CVE-2006-4046.json | 230 +++++++++---------
 2006/4xxx/CVE-2006-4047.json | 160 ++++++-------
 2006/4xxx/CVE-2006-4265.json | 130 +++++------
 2006/4xxx/CVE-2006-4425.json | 210 ++++++++---------
 2006/4xxx/CVE-2006-4756.json | 130 +++++------
 2006/5xxx/CVE-2006-5810.json | 130 +++++------
 2010/2xxx/CVE-2010-2029.json | 180 +++++++-------
 2010/2xxx/CVE-2010-2035.json | 130 +++++------
 2010/2xxx/CVE-2010-2569.json | 150 ++++++------
 2010/2xxx/CVE-2010-2852.json | 160 ++++++-------
 2010/3xxx/CVE-2010-3729.json | 140 +++++------
 2010/3xxx/CVE-2010-3942.json | 150 ++++++------
 2010/3xxx/CVE-2010-3984.json | 170 +++++++-------
 2010/4xxx/CVE-2010-4008.json | 440 +++++++++++++++++------------------
 2010/4xxx/CVE-2010-4693.json | 180 +++++++-------
 2010/4xxx/CVE-2010-4707.json | 170 +++++++-------
 2010/4xxx/CVE-2010-4712.json | 180 +++++++-------
 2011/1xxx/CVE-2011-1280.json | 180 +++++++-------
 2011/5xxx/CVE-2011-5240.json | 120 +++++-----
 2014/3xxx/CVE-2014-3197.json | 160 ++++++-------
 2014/3xxx/CVE-2014-3419.json | 180 +++++++-------
 2014/3xxx/CVE-2014-3425.json | 130 +++++------
 2014/3xxx/CVE-2014-3698.json | 200 ++++++++--------
 2014/4xxx/CVE-2014-4451.json | 180 +++++++-------
 2014/7xxx/CVE-2014-7788.json | 140 +++++------
 2014/7xxx/CVE-2014-7896.json | 140 +++++------
 2014/8xxx/CVE-2014-8659.json | 140 +++++------
 2014/8xxx/CVE-2014-8665.json | 130 +++++------
 2014/9xxx/CVE-2014-9003.json | 140 +++++------
 2016/2xxx/CVE-2016-2062.json | 150 ++++++------
 2016/2xxx/CVE-2016-2159.json | 150 ++++++------
 2016/2xxx/CVE-2016-2723.json | 34 +--
 2016/6xxx/CVE-2016-6025.json | 130 +++++------
 2016/6xxx/CVE-2016-6563.json | 336 +++++++++++++-------------
 2016/6xxx/CVE-2016-6901.json | 130 +++++------
 2016/6xxx/CVE-2016-6987.json | 160 ++++++-------
 2016/7xxx/CVE-2016-7155.json | 170 +++++++-------
 2017/5xxx/CVE-2017-5379.json | 152 ++++++------
 2017/5xxx/CVE-2017-5981.json | 140 +++++------
 45 files changed, 3846 insertions(+), 3846 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0236.json b/2006/0xxx/CVE-2006-0236.json
index 31f7d5532db..1c51d7b26ac 100644
--- a/2006/0xxx/CVE-2006-0236.json
+++ b/2006/0xxx/CVE-2006-0236.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 Secunia Research: Mozilla Thunderbird Attachment SpoofingVulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422148/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-22/advisory", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-22/advisory" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=300246", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=300246" - }, - { - "name" : "MDKSA-2006:021", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:021" - }, - { - "name" : "16271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16271" - }, - { - "name" : "ADV-2006-0230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0230" - }, - { - "name" : "15907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15907" - }, - { - "name" : "thunderbird-attachment-ext-spoofing(24164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16271" + }, + { + "name": "MDKSA-2006:021", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:021" + }, + { + "name": "thunderbird-attachment-ext-spoofing(24164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24164" + }, + { + "name": "http://secunia.com/secunia_research/2005-22/advisory", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-22/advisory" + }, + { + "name": "20060117 Secunia Research: Mozilla Thunderbird Attachment SpoofingVulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422148/100/0/threaded" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=300246", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=300246" + }, + { + "name": "ADV-2006-0230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0230" + }, + { + "name": "15907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15907" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0258.json b/2006/0xxx/CVE-2006-0258.json index 8bff40d9261..23b52ce2c6a 100644 --- a/2006/0xxx/CVE-2006-0258.json +++ b/2006/0xxx/CVE-2006-0258.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0497.json b/2006/0xxx/CVE-2006-0497.json index c483c5caf75..8d166fdde37 100644 --- a/2006/0xxx/CVE-2006-0497.json +++ b/2006/0xxx/CVE-2006-0497.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eyce.be/php_gen/NEWS", - "refsource" : "CONFIRM", - "url" : "http://www.eyce.be/php_gen/NEWS" - }, - { - "name" : "15458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15458" - }, - { - "name" : "ADV-2006-0408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0408" - }, - { - "name" : "22885", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22885" - }, - { - "name" : "18715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18715" - }, - { - "name" : "phpgen-multiple-sql-injection(24441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eyce.be/php_gen/NEWS", + "refsource": "CONFIRM", + "url": "http://www.eyce.be/php_gen/NEWS" + }, + { + "name": "18715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18715" + }, + { + "name": "phpgen-multiple-sql-injection(24441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24441" + }, + { + "name": "22885", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22885" + }, + { + "name": "ADV-2006-0408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0408" + }, + { + "name": "15458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15458" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1526.json b/2006/1xxx/CVE-2006-1526.json index ddf3de3ef85..4cbf7528d7a 100644 --- a/2006/1xxx/CVE-2006-1526.json +++ b/2006/1xxx/CVE-2006-1526.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a \"&\" instead of a \"*\" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xorg] 20060502 [CVE-2006-1525] X.Org security advisory: Buffer overflow in the Xrender extension", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg/2006-May/015136.html" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=6642", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=6642" - }, - { - "name" : "FLSA:190777", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436327/100/0/threaded" - }, - { - "name" : "GLSA-200605-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-02.xml" - }, - { - "name" : "MDKSA-2006:081", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:081" - }, - { - "name" : "[3.8] 007: SECURITY FIX: May 2, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata38.html#xorg" - }, - { - "name" : "RHSA-2006:0451", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0451.html" - }, - { - "name" : "102339", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1" - }, - { - "name" : "SUSE-SA:2006:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_03.html" - }, - { - "name" : "2006-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0024" - }, - { - "name" : 
"USN-280-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/280-1/" - }, - { - "name" : "VU#633257", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/633257" - }, - { - "name" : "17795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17795" - }, - { - "name" : "oval:org.mitre.oval:def:9929", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9929" - }, - { - "name" : "ADV-2006-1617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1617" - }, - { - "name" : "1016018", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016018" - }, - { - "name" : "19915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19915" - }, - { - "name" : "19921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19921" - }, - { - "name" : "19943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19943" - }, - { - "name" : "19900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19900" - }, - { - "name" : "19916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19916" - }, - { - "name" : "19951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19951" - }, - { - "name" : "19956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19956" - }, - { - "name" : "19983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19983" - }, - { - "name" : "xorg-xrender-bo(26200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as 
demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a \"&\" instead of a \"*\" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0451", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0451.html" + }, + { + "name": "19921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19921" + }, + { + "name": "19943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19943" + }, + { + "name": "xorg-xrender-bo(26200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26200" + }, + { + "name": "19956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19956" + }, + { + "name": "MDKSA-2006:081", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:081" + }, + { + "name": "ADV-2006-1617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1617" + }, + { + "name": "19951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19951" + }, + { + "name": "SUSE-SA:2006:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_03.html" + }, + { + "name": "oval:org.mitre.oval:def:9929", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9929" + }, + { + "name": "17795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17795" + }, + { + "name": "102339", + "refsource": "SUNALERT", + "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1" + }, + { + "name": "VU#633257", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/633257" + }, + { + "name": "1016018", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016018" + }, + { + "name": "GLSA-200605-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-02.xml" + }, + { + "name": "19983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19983" + }, + { + "name": "[3.8] 007: SECURITY FIX: May 2, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata38.html#xorg" + }, + { + "name": "2006-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0024" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=6642", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=6642" + }, + { + "name": "19900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19900" + }, + { + "name": "USN-280-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/280-1/" + }, + { + "name": "FLSA:190777", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436327/100/0/threaded" + }, + { + "name": "19915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19915" + }, + { + "name": "[xorg] 20060502 [CVE-2006-1525] X.Org security advisory: Buffer overflow in the Xrender extension", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg/2006-May/015136.html" + }, + { + "name": "19916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19916" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1994.json b/2006/1xxx/CVE-2006-1994.json index 5b1cb0d617a..6a84ee65118 100644 --- a/2006/1xxx/CVE-2006-1994.json +++ b/2006/1xxx/CVE-2006-1994.json 
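Review bot: The description value for CVE-2006-1526 still reads `X.org X server 6.8.0 up to allows attackers` on the new side, so the upper bound of the affected range is missing, and with `"version_value": "n/a"` the record gives a consumer no end version to match against. The bound should be restored from the referenced X.Org advisory rather than guessed. Separately, `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which appears to be its only value change among spacing and reference-order edits, and the commit subject does not mention it.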
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431758" - }, - { - "name" : "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.html" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=27", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=27" - }, - { - "name" : "17650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17650" - }, - { - "name" : "ADV-2006-1482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1482" - }, - { - "name" : "19788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19788" - }, - { - "name" : "dforum-dforumpath-parameter-file-include(26035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) 
download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1482" + }, + { + "name": "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431758" + }, + { + "name": "19788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19788" + }, + { + "name": "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.html" + }, + { + "name": "dforum-dforumpath-parameter-file-include(26035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26035" + }, + { + "name": "http://www.nukedx.com/?viewdoc=27", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=27" + }, + { + "name": "17650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17650" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3898.json b/2006/3xxx/CVE-2006-3898.json index b0ba3de9b70..e1a62dfcfa0 100644 --- a/2006/3xxx/CVE-2006-3898.json +++ b/2006/3xxx/CVE-2006-3898.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html" - }, - { - "name" : "19109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19109" - }, - { - "name" : "ADV-2006-2952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2952" - }, - { - "name" : "27231", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27231" - }, - { - "name" : "ie-hhctrl-dos(27929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27929" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27231", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27231" + }, + { + "name": "ie-hhctrl-dos(27929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27929" + }, + { + "name": "ADV-2006-2952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2952" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html" + }, + { + "name": "19109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19109" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4046.json b/2006/4xxx/CVE-2006-4046.json index be15257efc6..417926e1640 100644 --- a/2006/4xxx/CVE-2006-4046.json +++ b/2006/4xxx/CVE-2006-4046.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060731 Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441730/100/100/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/ocpbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ocpbof-adv.txt" - }, - { - "name" : "2094", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2094" - }, - { - "name" : "19262", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19262" - }, - { - "name" : "ADV-2006-3078", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3078" - }, - { - "name" : "1016611", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016611" - }, - { - "name" : "21267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21267" - }, - { - "name" : "1349", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1349" - }, - { - "name" : "opencubicplayer-itplayerclassmoduleload-bo(28104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28104" - }, - { - "name" : "opencubicplayer-mploadams-bo(28106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28106" - }, - { - "name" : "opencubicplayer-mploads3m-bo(28103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28103" - }, - { - "name" : "opencubicplayer-mploadult-bo(28105)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21267" + }, + { + "name": "opencubicplayer-itplayerclassmoduleload-bo(28104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28104" + }, + { + "name": "1349", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1349" + }, + { + "name": "19262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19262" + }, + { + "name": "2094", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2094" + }, + { + "name": "20060731 Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441730/100/100/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/ocpbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ocpbof-adv.txt" + }, + { + "name": "ADV-2006-3078", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3078" + }, + { + "name": "opencubicplayer-mploads3m-bo(28103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28103" + }, + { + "name": "opencubicplayer-mploadams-bo(28106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28106" + }, + { + "name": "1016611", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016611" + }, + { + "name": "opencubicplayer-mploadult-bo(28105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28105" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4047.json b/2006/4xxx/CVE-2006-4047.json index 51f19bffa78..20edde0db2c 100644 --- a/2006/4xxx/CVE-2006-4047.json 
+++ b/2006/4xxx/CVE-2006-4047.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19419" - }, - { - "name" : "ADV-2006-3167", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3167" - }, - { - "name" : "27788", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27788" - }, - { - "name" : "21347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21347" - }, - { - "name" : "netiouscms-index-sql-injection(28263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21347" + }, + { + "name": "ADV-2006-3167", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3167" + }, + { + "name": "19419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19419" + }, + { + "name": "27788", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27788" + }, + { + "name": "netiouscms-index-sql-injection(28263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28263" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4265.json b/2006/4xxx/CVE-2006-4265.json index f733b0728eb..26203171122 100644 --- a/2006/4xxx/CVE-2006-4265.json +++ b/2006/4xxx/CVE-2006-4265.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060812 Kaspersky Anti-Hacker personal firewall unstealthy stealth mode", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443180/100/100/threaded" - }, - { - "name" : "1427", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060812 Kaspersky Anti-Hacker personal firewall unstealthy stealth mode", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443180/100/100/threaded" + }, + { + "name": "1427", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1427" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4425.json b/2006/4xxx/CVE-2006-4425.json index 69290650a02..a08bc1242ba 100644 --- a/2006/4xxx/CVE-2006-4425.json +++ b/2006/4xxx/CVE-2006-4425.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3385", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3385" - }, - { - "name" : "28219", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28219" - }, - { - "name" : "28220", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28220" - }, - { - "name" : "28221", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28221" - }, - { - "name" : "28222", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28222" - }, - { - "name" : "28223", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28223" - }, - { - "name" : "28224", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28224" - }, - { - "name" : "28225", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28225" - }, - { - "name" : "21624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21624" - }, - { - "name" : "phpcoin-ccfgpkgpathincl-file-include(28572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28224", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28224" + }, + { + "name": "28221", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28221" + }, + { + "name": "28222", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28222" + }, + { + "name": "28220", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28220" + }, + { + "name": "ADV-2006-3385", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3385" + }, + { + "name": "28219", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28219" + }, + { + "name": "21624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21624" + }, + { + "name": "phpcoin-ccfgpkgpathincl-file-include(28572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28572" + }, + { + "name": "28223", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28223" + }, + { + "name": "28225", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28225" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4756.json b/2006/4xxx/CVE-2006-4756.json index 7db76a5d2cd..fb34d22393d 100644 --- a/2006/4xxx/CVE-2006-4756.json +++ b/2006/4xxx/CVE-2006-4756.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3562", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3562" - }, - { - "name" : "21875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21875" + }, + { + "name": "ADV-2006-3562", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3562" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5810.json b/2006/5xxx/CVE-2006-5810.json index a62caeb6fe2..6904f9ef7dd 100644 --- a/2006/5xxx/CVE-2006-5810.json +++ b/2006/5xxx/CVE-2006-5810.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new", - "refsource" : "MISC", - "url" : "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new" - }, - { - "name" : "20927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new", + "refsource": "MISC", + "url": "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new" + }, + { + "name": "20927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20927" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2029.json b/2010/2xxx/CVE-2010-2029.json index 65b623f2a76..7d2818250e1 100644 --- a/2010/2xxx/CVE-2010-2029.json +++ b/2010/2xxx/CVE-2010-2029.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html" - }, - { - "name" : "http://cybozu.co.jp/products/dl/notice/detail/0034.html", - "refsource" : "CONFIRM", - "url" : "http://cybozu.co.jp/products/dl/notice/detail/0034.html" - }, - { - "name" : "JVN#87730223", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN87730223/index.html" - }, - { - "name" : "JVNDB-2010-000016", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html" - }, - { - "name" : "63933", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63933" - }, - { 
- "name" : "39508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39508" - }, - { - "name" : "cybozu-office-dotsales-sec-bypass(57976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39508" + }, + { + "name": "http://cybozu.co.jp/products/dl/notice/detail/0034.html", + "refsource": "CONFIRM", + "url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html" + }, + { + "name": "JVNDB-2010-000016", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html" + }, + { + "name": "63933", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63933" + }, + { + "name": "cybozu-office-dotsales-sec-bypass(57976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976" + }, + { + "name": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html" + }, + { + "name": "JVN#87730223", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN87730223/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2035.json b/2010/2xxx/CVE-2010-2035.json index 4b35bb90f4d..c2e59731bcf 100644 --- a/2010/2xxx/CVE-2010-2035.json 
+++ b/2010/2xxx/CVE-2010-2035.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt" - }, - { - "name" : "40244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. 
(dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt" + }, + { + "name": "40244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40244" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2569.json b/2010/2xxx/CVE-2010-2569.json index 9e57a5c3ec6..12014442778 100644 --- a/2010/2xxx/CVE-2010-2569.json +++ b/2010/2xxx/CVE-2010-2569.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2569",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka \"Size Value Heap Corruption in pubconv.dll Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2010-2569",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS10-103",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103"
- },
- {
- "name" : "TA10-348A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:11555",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11555"
- },
- {
- "name" : "1024885",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1024885"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka \"Size Value Heap Corruption in pubconv.dll Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "TA10-348A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
+ },
+ {
+ "name": "MS10-103",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11555",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11555"
+ },
+ {
+ "name": "1024885",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1024885"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2852.json b/2010/2xxx/CVE-2010-2852.json
index a20622fe453..e57868cdaf5 100644
--- a/2010/2xxx/CVE-2010-2852.json
+++ b/2010/2xxx/CVE-2010-2852.json
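Review bot: The `ASSIGNER` change in CVE-2010-2569.json (`cve@mitre.org` to `secure@microsoft.com`) is the only value that differs in this hunk, and it is buried under 77 lines of colon-spacing and indentation churn plus a reshuffled `reference_data` array, with a commit subject that says only "-Synchronized-Data."; anyone auditing attribution changes to the record cannot find it from the log. The assigner now looks like the vendor's own address, yet `"vendor_name": "n/a"` and `"product_name": "n/a"` are carried over unchanged although the description names Microsoft Publisher 2002 SP3, 2003 SP3 and 2007 SP2, so consumers that match records to inventory through the `affects` block still have to parse free text. I would populate them, e.g. `"vendor_name": "Microsoft"` and `"product_name": "Publisher"`, and land value changes in a commit separate from the reformatting, with `reference_data` emitted in a stable order so later diffs show only real edits. The new file also ends without a trailing newline (`\ No newline at end of file`), as do the other files in this patch.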
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html" - }, - { - "name" : "41551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41551" - }, - { - "name" : "66244", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66244" - }, - { - "name" : "40521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40521" - }, - { - "name" : "runcms-magpiedebug-xss(60224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60224" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "runcms-magpiedebug-xss(60224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60224" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html" + }, + { + "name": "66244", + "refsource": "OSVDB", + "url": "http://osvdb.org/66244" + }, + { + "name": "41551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41551" + }, + { + "name": "40521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40521" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3729.json b/2010/3xxx/CVE-2010-3729.json index 9702b9eabad..3c03c075809 100644 --- a/2010/3xxx/CVE-2010-3729.json +++ b/2010/3xxx/CVE-2010-3729.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=55119", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=55119" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html" - }, - { - "name" : "oval:org.mitre.oval:def:7380", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=55119", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=55119" + }, + { + "name": "oval:org.mitre.oval:def:7380", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7380" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3942.json b/2010/3xxx/CVE-2010-3942.json index fed204a103f..57fb18535f7 100644 --- a/2010/3xxx/CVE-2010-3942.json +++ b/2010/3xxx/CVE-2010-3942.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka \"Win32k WriteAV Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-098", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11762", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11762" - }, - { - "name" : "1024880", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024880" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka \"Win32k WriteAV Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-098", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" + }, + { + "name": "1024880", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024880" + }, + { + "name": "oval:org.mitre.oval:def:11762", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11762" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3984.json b/2010/3xxx/CVE-2010-3984.json index 134344702f8..5cd159c9ca2 100644 --- a/2010/3xxx/CVE-2010-3984.json +++ b/2010/3xxx/CVE-2010-3984.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101209 CA20101209-01: Security Notice for CA XOsoft", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515115/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-263/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-263/" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d", - "refsource" : "CONFIRM", - "url" : 
"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d" - }, - { - "name" : "45317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45317" - }, - { - "name" : "1024852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024852" - }, - { - "name" : "42561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42561" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-263/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-263/" + }, + { + "name": "20101209 CA20101209-01: Security Notice for CA XOsoft", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515115/100/0/threaded" + }, + { + "name": "45317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45317" + }, + { + "name": "1024852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024852" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4008.json b/2010/4xxx/CVE-2010-4008.json index 9896bc48842..6b06628d27f 100644 --- a/2010/4xxx/CVE-2010-4008.json +++ b/2010/4xxx/CVE-2010-4008.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-4008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xml] 20101104 Release of libxml2-2.7.8", - "refsource" : "MLIST", - "url" : "http://mail.gnome.org/archives/xml/2010-November/msg00015.html" - }, - { - "name" : "http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/", - "refsource" : "MISC", - "url" : "http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=58731", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=58731" - }, - { - "name" : 
"http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html" - }, - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "DSA-2128", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2128" - }, - { - "name" : "HPSBMA02662", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "SSRT100409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=139447903326211&w=2" - }, - { - "name" : "MDVSA-2010:243", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:243" - }, - { - "name" : "RHSA-2011:1749", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1749.html" - }, - { - "name" : "RHSA-2013:0217", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html" - }, - { - "name" : "SUSE-SR:2010:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" - }, - { - "name" : "USN-1016-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1016-1" - }, - { - "name" : "44779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44779" - }, - { - "name" : "oval:org.mitre.oval:def:12148", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148" - }, - { - "name" : "42109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42109" - }, - { - "name" : "42175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42175" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "42429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42429" - }, - { - "name" : "40775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40775" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2010-3076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3076" - }, - { - "name" : "ADV-2010-3100", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3100" - }, - { - "name" : "ADV-2011-0230", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40775" + }, + { + "name": "42175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42175" + }, + { + "name": "[xml] 20101104 Release of libxml2-2.7.8", + "refsource": "MLIST", + "url": "http://mail.gnome.org/archives/xml/2010-November/msg00015.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html" + }, + { + "name": "HPSBMA02662", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "44779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44779" + }, + { + "name": "ADV-2011-0230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0230" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "RHSA-2013:0217", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" + }, + { + "name": "USN-1016-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1016-1" + }, + { + "name": 
"http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/", + "refsource": "MISC", + "url": "http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/" + }, + { + "name": "42109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42109" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "SUSE-SR:2010:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" + }, + { + "name": "RHSA-2011:1749", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html" + }, + { + "name": "ADV-2010-3100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3100" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "DSA-2128", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2128" + }, + { + "name": "MDVSA-2010:243", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:243" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, + { + "name": 
"SSRT100409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "ADV-2010-3076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3076" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "oval:org.mitre.oval:def:12148", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=58731", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=58731" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + }, + { + "name": "42429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42429" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4693.json b/2010/4xxx/CVE-2010-4693.json index 44d19a06dc1..175b66f2224 100644 --- a/2010/4xxx/CVE-2010-4693.json +++ b/2010/4xxx/CVE-2010-4693.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101228 [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515479/100/0/threaded" - }, - { - "name" : "http://www.waraxe.us/advisory-79.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-79.html" - }, - { - "name" : "45600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45600" - }, - { - "name" : "70173", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70173" - }, - { - "name" : "70174", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70174" - }, - { - "name" : "42751", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/42751" - }, - { - "name" : "coppermine-help-searchnew-xss(64344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45600" + }, + { + "name": "42751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42751" + }, + { + "name": "70173", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70173" + }, + { + "name": "20101228 [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515479/100/0/threaded" + }, + { + "name": "70174", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70174" + }, + { + "name": "coppermine-help-searchnew-xss(64344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344" + }, + { + "name": "http://www.waraxe.us/advisory-79.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-79.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4707.json b/2010/4xxx/CVE-2010-4707.json index 8cf4d2a939a..3794ba8f729 100644 --- a/2010/4xxx/CVE-2010-4707.json +++ b/2010/4xxx/CVE-2010-4707.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101004 Re: Minor security flaw with pam_xauth", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/10/03/1" - }, - { - "name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9", - "refsource" : "CONFIRM", - "url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9" - }, - { - "name" : "GLSA-201206-31", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml" - }, - { - "name" : "46045", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/46045" - }, - { - "name" : "49711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49711" - }, - { - "name" : "linuxpam-checkacl-dos(65036)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linuxpam-checkacl-dos(65036)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65036" + }, + { + "name": "GLSA-201206-31", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-31.xml" + }, + { + "name": "[oss-security] 20101004 Re: Minor security flaw with pam_xauth", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/10/03/1" + }, + { + "name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9", + "refsource": "CONFIRM", + "url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9" + }, + { + "name": "46045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46045" + }, + { + "name": "49711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49711" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4712.json b/2010/4xxx/CVE-2010-4712.json index 578aaf6f26e..4720aac395a 100644 --- a/2010/4xxx/CVE-2010-4712.json +++ b/2010/4xxx/CVE-2010-4712.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-237/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-237/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-238/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-238/" - }, - { - "name" : "http://www.facebook.com/note.php?note_id=477865030928", - "refsource" : "CONFIRM", - "url" : "http://www.facebook.com/note.php?note_id=477865030928" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1", - "refsource" : "CONFIRM", - "url" : 
"http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=642336", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=642336" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=647757", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=647757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-238/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-238/" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=642336", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=642336" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-237/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-237/" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=647757", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=647757" + }, + { + "name": "http://www.facebook.com/note.php?note_id=477865030928", + "refsource": "CONFIRM", + "url": "http://www.facebook.com/note.php?note_id=477865030928" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1280.json b/2011/1xxx/CVE-2011-1280.json index 836d556576e..632aae9c745 100644 --- a/2011/1xxx/CVE-2011-1280.json +++ b/2011/1xxx/CVE-2011-1280.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-049", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049" - }, - { - "name" : "48196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48196" - }, - { - "name" : "oval:org.mitre.oval:def:12664", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664" - }, - { - "name" : "1025646", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1025646" - }, - { - "name" : "1025647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025647" - }, - { - "name" : "1025648", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025648" - }, - { - "name" : "44912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48196" + }, + { + "name": "1025647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025647" + }, + { + "name": "1025648", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025648" + }, + { + "name": "MS11-049", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049" + }, + { + "name": "1025646", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025646" + }, + { + "name": "oval:org.mitre.oval:def:12664", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664" + }, + { + "name": "44912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44912" + } + ] + 
} +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5240.json b/2011/5xxx/CVE-2011-5240.json index 5bfa2c43360..3709e00845d 100644 --- a/2011/5xxx/CVE-2011-5240.json +++ b/2011/5xxx/CVE-2011-5240.json 
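Review bot: The `CVE_data_meta` block at the top of this hunk changes `ASSIGNER` from `cve@mitre.org` to `secure@microsoft.com`, but that one substantive edit is buried in a whole-file rewrite whose other lines differ only in `"key" : ` versus `"key": ` spacing and in the order of the `reference_data` entries. Anyone auditing the provenance of this record has to compare all 92 lines by hand to find it, so the formatting pass and the content change would be better as separate commits, leaving `"ASSIGNER": "secure@microsoft.com",` as the only changed line here. The hunks for CVE-2014-3197, CVE-2014-3698, CVE-2014-4451 and CVE-2014-7788 also move `ASSIGNER` away from `cve@mitre.org` inside the same kind of rewrite. The new side also ends with no newline at end of file; adding the trailing newline would keep later diffs of these records clean.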
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.unrest.ca/peerjacking", - "refsource" : "MISC", - "url" : "http://www.unrest.ca/peerjacking" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.unrest.ca/peerjacking", + "refsource": "MISC", + "url": "http://www.unrest.ca/peerjacking" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3197.json b/2014/3xxx/CVE-2014-3197.json index 2dece1b7ba2..754e572a267 100644 --- a/2014/3xxx/CVE-2014-3197.json +++ b/2014/3xxx/CVE-2014-3197.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" - }, - { - "name" : "https://crbug.com/396544", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/396544" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=179240&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=179240&view=revision" - }, - { - "name" : "RHSA-2014:1626", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-1626.html" - }, - { - "name" : "70273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1626", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html" + }, + { + "name": "https://crbug.com/396544", + "refsource": "CONFIRM", + "url": "https://crbug.com/396544" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision" + }, + { + "name": "70273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70273" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3419.json b/2014/3xxx/CVE-2014-3419.json index c9d8720b14b..fd60b3bd744 100644 --- a/2014/3xxx/CVE-2014-3419.json +++ b/2014/3xxx/CVE-2014-3419.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140709 Weak Local Database Credentials in Infoblox Network Automation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532710/100/0/threaded" - }, - { - "name" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html", - "refsource" : "MISC", - "url" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html" - }, - { - "name" : "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html" - }, - { - "name" : "https://github.com/depthsecurity/NetMRI-2014-3418", - "refsource" : "MISC", - "url" : 
"https://github.com/depthsecurity/NetMRI-2014-3418" - }, - { - "name" : "68473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68473" - }, - { - "name" : "1030542", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030542" - }, - { - "name" : "infoblox-cve20143419-default-account(94450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68473" + }, + { + "name": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html" + }, + { + "name": "20140709 Weak Local Database Credentials in Infoblox Network Automation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded" + }, + { + "name": "1030542", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030542" + }, + { + "name": "infoblox-cve20143419-default-account(94450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450" + }, + { + "name": "https://github.com/depthsecurity/NetMRI-2014-3418", + "refsource": "MISC", + "url": "https://github.com/depthsecurity/NetMRI-2014-3418" + }, + { + "name": 
"http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html", + "refsource": "MISC", + "url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3425.json b/2014/3xxx/CVE-2014-3425.json index 26cdd300a8a..1378ce669b3 100644 --- a/2014/3xxx/CVE-2014-3425.json +++ b/2014/3xxx/CVE-2014-3425.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service (\"remote control\" outage) by creating a /tmp/xmosaic.pid file for every possible PID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" - }, - { - "name" : "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/07/7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service (\"remote control\" outage) by creating a /tmp/xmosaic.pid file for every possible PID." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/07/7" + }, + { + "name": "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3698.json b/2014/3xxx/CVE-2014-3698.json index f501f10b90d..06fedbede50 100644 --- a/2014/3xxx/CVE-2014-3698.json +++ b/2014/3xxx/CVE-2014-3698.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc", - "refsource" : "CONFIRM", - "url" : "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc" - }, - { - "name" : "http://pidgin.im/news/security/?id=90", - "refsource" : "CONFIRM", - "url" : "http://pidgin.im/news/security/?id=90" - }, - { - "name" : "DSA-3055", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3055" - }, - { - "name" : "RHSA-2017:1854", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1854" - }, - { - "name" : "openSUSE-SU-2014:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" - }, - { - "name" : 
"openSUSE-SU-2014:1397", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" - }, - { - "name" : "USN-2390-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2390-1" - }, - { - "name" : "60741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60741" - }, - { - "name" : "61968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc", + "refsource": "CONFIRM", + "url": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc" + }, + { + "name": "http://pidgin.im/news/security/?id=90", + "refsource": "CONFIRM", + "url": "http://pidgin.im/news/security/?id=90" + }, + { + "name": "RHSA-2017:1854", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1854" + }, + { + "name": "USN-2390-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2390-1" + }, + { + "name": "openSUSE-SU-2014:1376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" + }, + { + "name": "60741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60741" + }, + { + "name": "DSA-3055", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3055" + }, + { + "name": "openSUSE-SU-2014:1397", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" + }, + { + "name": "61968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61968" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4451.json b/2014/4xxx/CVE-2014-4451.json index 7c5d2caa01e..80aae69584e 100644 --- a/2014/4xxx/CVE-2014-4451.json +++ b/2014/4xxx/CVE-2014-4451.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/en-us/HT6590", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT6590" - }, - { - "name" : "https://support.apple.com/en-us/HT204418", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT204418" - }, - { - "name" : "APPLE-SA-2014-11-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" - }, - { - "name" : "71138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71138" - }, - { - "name" : "1031232", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031232" - }, - { - "name" : "62504", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/62504" - }, - { - "name" : "appleios-cve20144451-sec-bypass(98776)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "appleios-cve20144451-sec-bypass(98776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98776" + }, + { + "name": "APPLE-SA-2014-11-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" + }, + { + "name": "https://support.apple.com/en-us/HT6590", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT6590" + }, + { + "name": "62504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62504" + }, + { + "name": "71138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71138" + }, + { + "name": "1031232", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031232" + }, + { + "name": "https://support.apple.com/en-us/HT204418", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT204418" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7788.json b/2014/7xxx/CVE-2014-7788.json index 08a9161c718..a17bdac9d70 100644 --- a/2014/7xxx/CVE-2014-7788.json +++ b/2014/7xxx/CVE-2014-7788.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#663281", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/663281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Best Free Giveaways (aka 
com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#663281", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/663281" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7896.json b/2014/7xxx/CVE-2014-7896.json index 9622d6aed7a..ff26514e096 100644 --- a/2014/7xxx/CVE-2014-7896.json +++ b/2014/7xxx/CVE-2014-7896.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST03274", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371" - }, - { - "name" : "SSRT101954", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371" - }, - { - "name" : "1031828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101954", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371" + }, + { + "name": "HPSBST03274", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371" + }, + { + "name": "1031828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031828" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8659.json b/2014/8xxx/CVE-2014-8659.json index 31ff93ce144..e6836d626ee 100644 --- a/2014/8xxx/CVE-2014-8659.json +++ b/2014/8xxx/CVE-2014-8659.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0002052082", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0002052082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SAP 
Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + }, + { + "name": "http://service.sap.com/sap/support/notes/0002052082", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0002052082" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8665.json b/2014/8xxx/CVE-2014-8665.json index 8d890f02060..48a238c566b 100644 --- a/2014/8xxx/CVE-2014-8665.json +++ b/2014/8xxx/CVE-2014-8665.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0002018682", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0002018682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.sap.com/sap/support/notes/0002018682", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0002018682" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9003.json b/2014/9xxx/CVE-2014-9003.json index 9b911083d55..1e3c69838b8 100644 --- a/2014/9xxx/CVE-2014-9003.json +++ b/2014/9xxx/CVE-2014-9003.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/24" - }, - { - "name" : "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html" - }, - { - "name" : "xprintserver-version-csrf(98645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xprintserver-version-csrf(98645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645" + }, + { + "name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/24" + }, + { + "name": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2062.json b/2016/2xxx/CVE-2016-2062.json index ccc11bd2489..b3663c0fa8a 100644 --- a/2016/2xxx/CVE-2016-2062.json +++ b/2016/2xxx/CVE-2016-2062.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576", - "refsource" : "CONFIRM", - "url" : "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576" - }, - { - "name" : "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "1035766", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576", + "refsource": "CONFIRM", + "url": "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576" + }, + { + "name": "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062" + }, + { + "name": "1035766", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035766" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2159.json b/2016/2xxx/CVE-2016-2159.json index b3b7a3d498f..7d0bca83867 100644 --- a/2016/2xxx/CVE-2016-2159.json +++ b/2016/2xxx/CVE-2016-2159.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160321 moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=330182", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=330182" - }, - { - "name" : "1035333", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1035333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=330182", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=330182" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901" + }, + { + "name": "[oss-security] 20160321 moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" + }, + { + "name": "1035333", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035333" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2723.json b/2016/2xxx/CVE-2016-2723.json index 821f1200fe8..71d0d368d0c 100644 --- a/2016/2xxx/CVE-2016-2723.json +++ b/2016/2xxx/CVE-2016-2723.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2723", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2723", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6025.json b/2016/6xxx/CVE-2016-6025.json index fdf83be063d..1c9729e61c6 100644 --- a/2016/6xxx/CVE-2016-6025.json +++ b/2016/6xxx/CVE-2016-6025.json 
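Review bot: The new side of this record serializes its top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, while the neighbouring records in this commit keep `CVE_data_meta` first and `ASSIGNER` before `ID`. JSON key order carries no meaning, so parsers are unaffected, but the difference suggests REJECT records pass through a different writer than PUBLIC ones. Tooling that compares raw text or hashes files without canonicalizing them would see this record as changed even though no value differs. Emitting every record through one serializer with sorted keys would keep the corpus uniform.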
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278" - }, - { - "name" : "93345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a 
post-logoff session-reuse attack involving a modified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93345" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6563.json b/2016/6xxx/CVE-2016-6563.json index 8bf18062378..e6efa556f02 100644 --- a/2016/6xxx/CVE-2016-6563.json +++ b/2016/6xxx/CVE-2016-6563.json 
@@ -1,170 +1,170 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6563", - "STATE" : "PUBLIC", - "TITLE" : "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DIR-823", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-822", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-818L(W)", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-895L", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-890L", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-885L", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-880L", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-868L", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "DIR-850L", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "D-Link" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. 
The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6563", + "STATE": "PUBLIC", + "TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DIR-823", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-822", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-818L(W)", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-895L", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-890L", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-885L", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-880L", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-868L", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "DIR-850L", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40805", - "refsource" : 
"EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40805/" - }, - { - "name" : "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Nov/38" - }, - { - "name" : "VU#677427", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/677427" - }, - { - "name" : "94130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94130" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40805", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40805/" + }, + { + "name": "VU#677427", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/677427" + }, + { + "name": "94130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94130" + }, + { + "name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Nov/38" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6901.json b/2016/6xxx/CVE-2016-6901.json index fb261cbc35f..55e1784bd9d 100644 --- a/2016/6xxx/CVE-2016-6901.json 
+++ b/2016/6xxx/CVE-2016-6901.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en" - }, - { - "name" : "92618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, 
AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92618" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6987.json b/2016/6xxx/CVE-2016-6987.json index 0abcecdfba5..8c460947481 100644 --- a/2016/6xxx/CVE-2016-6987.json +++ b/2016/6xxx/CVE-2016-6987.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:2057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" - }, - { - "name" : "93492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93492" - }, - { - "name" : "1036985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036985" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" + }, + { + "name": "93492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93492" + }, + { + "name": "RHSA-2016:2057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html" + }, + { + "name": "1036985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036985" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7155.json b/2016/7xxx/CVE-2016-7155.json index 3ddc0b568ee..6258aaff9af 100644 --- a/2016/7xxx/CVE-2016-7155.json +++ b/2016/7xxx/CVE-2016-7155.json 
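Review bot: The `ASSIGNER` of CVE-2016-6987 changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, and it is the only value change in a hunk that otherwise rewrites all 82 lines for key spacing (`"ASSIGNER" : ` becomes `"ASSIGNER": `), indentation and the order of the `reference_data` entries. The commit subject "-Synchronized-Data." does not mention it, so anyone who uses this field for record provenance has to find it by reading the full rewrite. I would land the `"ASSIGNER": "psirt@adobe.com"` edit in a commit of its own, or at least name it in the message; whether the reassignment is intended cannot be told from the diff. The new side also ends with `\ No newline at end of file`, as do the CVE-2016-6901, CVE-2016-7155, CVE-2017-5379 and CVE-2017-5981 hunks, so the final `}` should be followed by a newline. Because the `reference_data` entries are reshuffled in each of these records, any change detection over them should compare parsed content with the references treated as a set, not raw bytes or array positions.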
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/06/2" - }, - { - "name" : "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/07/1" - }, - { - "name" : "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html" - }, - { - "name" : 
"[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753" - }, - { - "name" : "92772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1" + }, + { + "name": "92772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92772" + }, + { + "name": "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753" + }, + { + "name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor 
rings", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5379.json b/2017/5xxx/CVE-2017-5379.json index bac81b8a44e..001b30b605e 100644 --- a/2017/5xxx/CVE-2017-5379.json +++ b/2017/5xxx/CVE-2017-5379.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "51" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in Web Animations" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "51" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/" - }, - { - "name" : "95763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95763" - }, - { - "name" : "1037693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in Web Animations" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198" + }, + { + "name": "1037693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037693" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/" + }, + { + "name": "95763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95763" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5981.json b/2017/5xxx/CVE-2017-5981.json index c3489a277e2..17894e8552f 100644 --- a/2017/5xxx/CVE-2017-5981.json +++ b/2017/5xxx/CVE-2017-5981.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/" - }, - { - "name" : "DSA-3878", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3878" - }, - { - "name" : "96268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96268" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/" + }, + { + "name": "DSA-3878", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3878" + } + ] + } +} \ No newline at end of file