From afbbef2ab470114addeffcc2229a88f6551a4a81 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:41:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0205.json | 230 +++++++++--------- 2006/0xxx/CVE-2006-0216.json | 140 +++++------ 2006/0xxx/CVE-2006-0688.json | 200 +++++++-------- 2006/0xxx/CVE-2006-0801.json | 180 +++++++------- 2006/1xxx/CVE-2006-1059.json | 230 +++++++++--------- 2006/1xxx/CVE-2006-1137.json | 200 +++++++-------- 2006/1xxx/CVE-2006-1968.json | 170 ++++++------- 2006/5xxx/CVE-2006-5291.json | 210 ++++++++-------- 2006/5xxx/CVE-2006-5529.json | 130 +++++----- 2006/5xxx/CVE-2006-5757.json | 340 +++++++++++++------------- 2006/5xxx/CVE-2006-5855.json | 260 ++++++++++---------- 2007/2xxx/CVE-2007-2310.json | 140 +++++------ 2007/2xxx/CVE-2007-2389.json | 190 +++++++-------- 2007/2xxx/CVE-2007-2463.json | 170 ++++++------- 2010/0xxx/CVE-2010-0364.json | 150 ++++++------ 2010/0xxx/CVE-2010-0890.json | 200 +++++++-------- 2010/0xxx/CVE-2010-0914.json | 120 ++++----- 2010/0xxx/CVE-2010-0926.json | 460 +++++++++++++++++------------------ 2010/3xxx/CVE-2010-3106.json | 140 +++++------ 2010/3xxx/CVE-2010-3159.json | 140 +++++------ 2010/3xxx/CVE-2010-3479.json | 150 ++++++------ 2010/3xxx/CVE-2010-3598.json | 170 ++++++------- 2010/3xxx/CVE-2010-3962.json | 250 +++++++++---------- 2010/4xxx/CVE-2010-4316.json | 34 +-- 2010/4xxx/CVE-2010-4744.json | 180 +++++++------- 2014/0xxx/CVE-2014-0687.json | 34 +-- 2014/4xxx/CVE-2014-4058.json | 150 ++++++------ 2014/4xxx/CVE-2014-4162.json | 150 ++++++------ 2014/4xxx/CVE-2014-4612.json | 180 +++++++------- 2014/8xxx/CVE-2014-8063.json | 34 +-- 2014/8xxx/CVE-2014-8193.json | 34 +-- 2014/8xxx/CVE-2014-8286.json | 34 +-- 2014/8xxx/CVE-2014-8876.json | 34 +-- 2014/9xxx/CVE-2014-9071.json | 34 +-- 2014/9xxx/CVE-2014-9571.json | 190 +++++++-------- 2016/2xxx/CVE-2016-2766.json | 34 +-- 2016/3xxx/CVE-2016-3030.json | 34 +-- 2016/3xxx/CVE-2016-3082.json | 140 +++++------ 2016/3xxx/CVE-2016-3510.json | 150 ++++++------ 2016/3xxx/CVE-2016-3695.json | 140 +++++------ 2016/3xxx/CVE-2016-3720.json | 120 ++++----- 2016/3xxx/CVE-2016-3927.json | 130 +++++----- 2016/6xxx/CVE-2016-6172.json | 220 ++++++++--------- 2016/6xxx/CVE-2016-6465.json | 140 +++++------ 2016/6xxx/CVE-2016-6508.json | 170 ++++++------- 2016/6xxx/CVE-2016-6747.json | 130 +++++----- 2016/6xxx/CVE-2016-6789.json | 140 +++++------ 2016/7xxx/CVE-2016-7107.json | 130 +++++----- 2016/7xxx/CVE-2016-7416.json | 210 ++++++++-------- 2016/7xxx/CVE-2016-7607.json | 160 ++++++------ 2016/7xxx/CVE-2016-7665.json | 140 +++++------ 2016/7xxx/CVE-2016-7855.json | 180 +++++++------- 2016/8xxx/CVE-2016-8437.json | 130 +++++----- 2016/8xxx/CVE-2016-8590.json | 120 ++++----- 54 files changed, 4138 insertions(+), 4138 deletions(-) diff --git a/2006/0xxx/CVE-2006-0205.json b/2006/0xxx/CVE-2006-0205.json index ccd78474831..43c7cf9f6f4 100644 --- a/2006/0xxx/CVE-2006-0205.json +++ b/2006/0xxx/CVE-2006-0205.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 [eVuln] Wordcircle Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421745/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/27/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/27/summary.html" - }, - { - "name" : "20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421746/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/28/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/28/summary.html" - }, - { - "name" : "16227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16227" - }, - { - "name" : "ADV-2006-0185", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0185" - }, - { - "name" : "22358", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22358" - }, - { - "name" : "18440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18440" - }, - { - "name" : "345", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/345" - }, - { - "name" : "346", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/346" - }, - { - "name" : "wordcircle-login-security-bypass(24108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24108" - }, - { - "name" : "wordcircle-sql-injection(24105)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0185", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0185" + }, + { + "name": "346", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/346" + }, + { + "name": "http://evuln.com/vulns/27/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/27/summary.html" + }, + { + "name": "345", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/345" + }, + { + "name": "20060112 [eVuln] Wordcircle Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421745/100/0/threaded" + }, + { + "name": "18440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18440" + }, + { + "name": "16227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16227" + }, + { + "name": "22358", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22358" + }, + { + "name": "http://evuln.com/vulns/28/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/28/summary.html" + }, + { + "name": "20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421746/100/0/threaded" + }, + { + "name": "wordcircle-sql-injection(24105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24105" + }, + { + "name": "wordcircle-login-security-bypass(24108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24108" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0216.json b/2006/0xxx/CVE-2006-0216.json index 7e8d0de5695..b8ddedcef1b 100644 --- a/2006/0xxx/CVE-2006-0216.json +++ b/2006/0xxx/CVE-2006-0216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified \"meta characters\" to the cpage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22352-qualityppc.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22352-qualityppc.txt" - }, - { - "name" : "http://osvdb.org/ref/22/22353-qualityppc.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22353-qualityppc.txt" - }, - { - "name" : "22353", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified \"meta characters\" to the cpage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22353", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22353" + }, + { + "name": "http://osvdb.org/ref/22/22352-qualityppc.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22352-qualityppc.txt" + }, + { + "name": "http://osvdb.org/ref/22/22353-qualityppc.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22353-qualityppc.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0688.json b/2006/0xxx/CVE-2006-0688.json index 3c1390e7593..5702a41d6b4 100644 --- a/2006/0xxx/CVE-2006-0688.json +++ b/2006/0xxx/CVE-2006-0688.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060209 [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424549/100/0/threaded" - }, - { - "name" : "http://echo.or.id/adv/adv27-K-159-2006.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv27-K-159-2006.txt" - }, - { - "name" : "http://echo.or.id/adv/adv26-K-159-2006.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv26-K-159-2006.txt" - }, - { - "name" : "16565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16565" - }, - { - "name" : "ADV-2006-0494", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0494" - }, - { - "name" : "22989", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22989" - }, - { - "name" : "1015607", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015607" - }, - { - "name" : "18752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18752" - }, - { - "name" : "indexu-application-file-include(24603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16565" + }, + { + "name": "22989", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22989" + }, + { + "name": "18752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18752" + }, + { + "name": "http://echo.or.id/adv/adv26-K-159-2006.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv26-K-159-2006.txt" + }, + { + "name": "indexu-application-file-include(24603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24603" + }, + { + "name": "1015607", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015607" + }, + { + "name": "ADV-2006-0494", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0494" + }, + { + "name": "http://echo.or.id/adv/adv27-K-159-2006.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv27-K-159-2006.txt" + }, + { + "name": "20060209 [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424549/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0801.json b/2006/0xxx/CVE-2006-0801.json index b956f5a1845..502ee7e1496 100644 --- a/2006/0xxx/CVE-2006-0801.json +++ b/2006/0xxx/CVE-2006-0801.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060219 Multiple vulnerabilities in PostNuke <= 0.761", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html" - }, - { - "name" : "http://news.postnuke.com/index.php?name=News&file=article&sid=2754", - "refsource" : "CONFIRM", - "url" : "http://news.postnuke.com/index.php?name=News&file=article&sid=2754" - }, - { - "name" : "16752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16752" - }, - { - "name" : "ADV-2006-0673", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0673" - }, - { - "name" : "18937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18937" - }, - { - "name" : "454", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/454" - }, - { - "name" : "postnuke-nslanguages-sql-injection(24827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0673", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0673" + }, + { + "name": "16752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16752" + }, + { + "name": "http://news.postnuke.com/index.php?name=News&file=article&sid=2754", + "refsource": "CONFIRM", + "url": "http://news.postnuke.com/index.php?name=News&file=article&sid=2754" + }, + { + "name": "postnuke-nslanguages-sql-injection(24827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24827" + }, + { + "name": "20060219 Multiple vulnerabilities in PostNuke <= 0.761", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html" + }, + { + "name": "18937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18937" + }, + { + "name": "454", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/454" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1059.json b/2006/1xxx/CVE-2006-1059.json index 149de303b12..c304b8dfe59 100644 --- a/2006/1xxx/CVE-2006-1059.json +++ b/2006/1xxx/CVE-2006-1059.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060330 [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429370/100/0/threaded" - }, - { - "name" : "http://us1.samba.org/samba/security/CAN-2006-1059.html", - "refsource" : "CONFIRM", - "url" : "http://us1.samba.org/samba/security/CAN-2006-1059.html" - }, - { - "name" : "FEDORA-2006-259", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00114.html" - }, - { - "name" : "2006-0018", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0018" - }, - { - "name" : "17314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17314" - }, - { - "name" : "ADV-2006-1179", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1179" - }, - { - "name" : "24263", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24263" - }, - { - "name" : "1015850", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015850" - }, - { - "name" : "19455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19455" - }, - { - "name" : "19468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19468" - }, - { - "name" : "19539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19539" - }, - { - "name" : "samba-logfile-account-cleartext(25575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19468" + }, + { + "name": "FEDORA-2006-259", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00114.html" + }, + { + "name": "24263", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24263" + }, + { + "name": "17314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17314" + }, + { + "name": "2006-0018", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0018" + }, + { + "name": "19455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19455" + }, + { + "name": "19539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19539" + }, + { + "name": "ADV-2006-1179", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1179" + }, + { + "name": "1015850", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015850" + }, + { + "name": "http://us1.samba.org/samba/security/CAN-2006-1059.html", + "refsource": "CONFIRM", + "url": "http://us1.samba.org/samba/security/CAN-2006-1059.html" + }, + { + "name": "20060330 [SECURITY] Samba 3.0.21-3.0.21c: Exposure of machine account credentials in winbindd log files", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429370/100/0/threaded" + }, + { + "name": "samba-logfile-account-cleartext(25575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25575" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1137.json b/2006/1xxx/CVE-2006-1137.json index 2be0625184c..d5f757e9f9b 100644 --- a/2006/1xxx/CVE-2006-1137.json +++ b/2006/1xxx/CVE-2006-1137.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) \"navigate through the directory\" or (2) a \"file sent to expose TCP/IP ports\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf" - }, - { - "name" : "17014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17014" - }, - { - "name" : "ADV-2006-0857", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0857" - }, - { - "name" : "23725", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23725" - }, - { - "name" : "23726", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23726" - }, - { - "name" : "1015738", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015738" - }, - { - "name" : "19146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19146" - }, - { - "name" : "xerox-postscript-navigate-dos(25173)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25173" - }, - { - "name" : "xerox-postscript-tcpip-dos(25174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) \"navigate through the directory\" or (2) a \"file sent to expose TCP/IP ports\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23726", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23726" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf" + }, + { + "name": "ADV-2006-0857", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0857" + }, + { + "name": "19146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19146" + }, + { + "name": "17014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17014" + }, + { + "name": "xerox-postscript-tcpip-dos(25174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25174" + }, + { + "name": "23725", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23725" + }, + { + "name": "1015738", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015738" + }, + { + "name": "xerox-postscript-navigate-dos(25173)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25173" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1968.json b/2006/1xxx/CVE-2006-1968.json index 4cf8b204906..edfa7ca2dee 100644 --- a/2006/1xxx/CVE-2006-1968.json +++ b/2006/1xxx/CVE-2006-1968.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html" - }, - { - "name" : "17628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17628" - }, - { - "name" : "ADV-2006-1440", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1440" - }, - { - "name" : "24762", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24762" - }, - { - "name" : "19695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19695" - }, - { - "name" : "portalpack-multiple-xss(25940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "portalpack-multiple-xss(25940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25940" + }, + { + "name": "ADV-2006-1440", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1440" + }, + { + "name": "19695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19695" + }, + { + "name": "17628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17628" + }, + { + "name": "24762", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24762" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5291.json b/2006/5xxx/CVE-2006-5291.json index daf3500c218..5942530dc2e 100644 --- a/2006/5xxx/CVE-2006-5291.json +++ b/2006/5xxx/CVE-2006-5291.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 Download-Engine Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448450/100/0/threaded" - }, - { - "name" : "2521", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2521" - }, - { - "name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup", - "refsource" : "CONFIRM", - "url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup" - }, - { - "name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20", - "refsource" : "MISC", - "url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20" - }, - { - "name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26", - "refsource" : "MISC", - "url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26" - }, - { - "name" : "20500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20500" - }, - { - "name" : "ADV-2006-4025", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4025" - }, - { - "name" : "22383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22383" - }, - { - "name" : "1723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1723" - }, - { - "name" : "downloadengine-spaw-file-include(29493)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1723" + }, + { + "name": "2521", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2521" + }, + { + "name": "downloadengine-spaw-file-include(29493)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29493" + }, + { + "name": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20", + "refsource": "MISC", + "url": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20" + }, + { + "name": "20500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20500" + }, + { + "name": "ADV-2006-4025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4025" + }, + { + "name": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26", + "refsource": "MISC", + "url": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26" + }, + { + "name": "22383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22383" + }, + { + "name": "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup" + }, + { + "name": "20061012 Download-Engine Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448450/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5529.json b/2006/5xxx/CVE-2006-5529.json index 913373aceca..78400bd83e1 100644 --- a/2006/5xxx/CVE-2006-5529.json +++ b/2006/5xxx/CVE-2006-5529.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20673" - }, - { - "name" : "1017105", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017105", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017105" + }, + { + "name": "20673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20673" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5757.json b/2006/5xxx/CVE-2006-5757.json index e107326ca85..d7f5ee9ca4c 100644 --- a/2006/5xxx/CVE-2006-5757.json +++ b/2006/5xxx/CVE-2006-5757.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070615 rPSA-2007-0124-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471457" - }, - { - "name" : "http://projects.info-pull.com/mokb/MOKB-05-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-05-11-2006.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" - }, - { - "name" : "DSA-1304", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1304" - }, - { - "name" : "MDKSA-2007:002", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:002" - }, - { - "name" : "MDKSA-2007:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" - }, - { - "name" : "RHSA-2007:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-416-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-416-1" - }, - { - "name" : "20920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20920" - }, - { - "name" : "oval:org.mitre.oval:def:10111", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10111" - }, - { - "name" : "ADV-2006-4359", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4359" - }, - { - "name" : "22702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22702" - }, - { - "name" : "22746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22746" - }, - { - "name" : "23593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23593" - }, - { - "name" : "23752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23752" - }, - { - "name" : "23997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23997" - }, - { - "name" : "24098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24098" - }, - { - "name" : "24206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24206" - }, - { - "name" : "25714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25714" - }, - { - "name" : "25691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25691" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - }, - { - "name" : "kernel-iso9660-dos(30029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24098" + }, + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "20920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20920" + }, + { + "name": "kernel-iso9660-dos(30029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30029" + }, + { + "name": "ADV-2006-4359", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4359" + }, + { + "name": "RHSA-2007:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html" + }, + { + "name": "MDKSA-2007:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" + }, + { + "name": "23593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23593" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" + }, + { + "name": "USN-416-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-416-1" + }, + { + "name": "oval:org.mitre.oval:def:10111", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10111" + }, + { + "name": "23752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23752" + }, + { + "name": "24206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24206" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "22746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22746" + }, + { + "name": "23997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23997" + }, + { + "name": "20070615 rPSA-2007-0124-1 kernel xen", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471457" + }, + { + "name": "MDKSA-2007:002", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:002" + }, + { + "name": "DSA-1304", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1304" + }, + { + "name": "25714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25714" + }, + { + "name": "25691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25691" + }, + { + "name": "22702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22702" + }, + { + "name": "http://projects.info-pull.com/mokb/MOKB-05-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-05-11-2006.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5855.json b/2006/5xxx/CVE-2006-5855.json index 6069167e18d..f4bf8f784da 100644 --- a/2006/5xxx/CVE-2006-5855.json +++ b/2006/5xxx/CVE-2006-5855.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453544/100/0/threaded" - }, - { - "name" : "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html", - "refsource" : "MISC", - "url" : "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21250261", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21250261" - }, - { - "name" : "IC50347", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347" - }, - { - "name" : "VU#350625", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/350625" - }, - { - "name" : "VU#478753", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/478753" - }, - { - "name" : "VU#887249", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/887249" - }, - { - "name" : "21440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21440" - }, - { - "name" : "ADV-2006-4856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4856" - }, - { - "name" : "1017333", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017333" - }, - { - "name" : "23177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23177" - }, - { - "name" : "1979", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1979" - }, - { - "name" : "tivoli-login-language-bo(30699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30699" - }, - { - "name" : "tivoli-registration-message-bo(30702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30702" - }, - { - "name" : "tivoli-smexecutewdsfsession-bo(30701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261" + }, + { + "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html", + "refsource": "MISC", + "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html" + }, + { + "name": "tivoli-registration-message-bo(30702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30702" + }, + { + "name": "IC50347", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347" + }, + { + "name": "VU#350625", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/350625" + }, + { + "name": "1979", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1979" + }, + { + "name": "ADV-2006-4856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4856" + }, + { + "name": "21440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21440" + }, + { + "name": "VU#887249", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/887249" + }, + { + "name": "1017333", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017333" + }, + { + "name": "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded" + }, + { + "name": "tivoli-login-language-bo(30699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30699" + }, + { + "name": "23177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23177" + }, + { + "name": "tivoli-smexecutewdsfsession-bo(30701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30701" + }, + { + "name": "VU#478753", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/478753" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2310.json b/2007/2xxx/CVE-2007-2310.json index 3e426c68f20..d01004e9bd5 100644 --- a/2007/2xxx/CVE-2007-2310.json +++ b/2007/2xxx/CVE-2007-2310.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 bloofoxCMS 0.2.2 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465719/100/0/threaded" - }, - { - "name" : "23487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23487" - }, - { - "name" : "2640", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2640", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2640" + }, + { + "name": "23487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23487" + }, + { + "name": "20070414 bloofoxCMS 0.2.2 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465719/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2389.json b/2007/2xxx/CVE-2007-2389.json index ab888f4c58f..42d95b538a9 100644 --- a/2007/2xxx/CVE-2007-2389.json +++ b/2007/2xxx/CVE-2007-2389.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2007-05-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00005.html" - }, - { - "name" : "VU#434748", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/434748" - }, - { - "name" : "24222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24222" - }, - { - "name" : "ADV-2007-1974", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1974" - }, - { - "name" : "35575", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35575" - }, - { - "name" : "1018136", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018136" - }, - { - "name" : "25130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25130" - }, - { - "name" : "quicktime-applet-information-disclosure(34571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2007-05-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00005.html" + }, + { + "name": "VU#434748", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/434748" + }, + { + "name": "ADV-2007-1974", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1974" + }, + { + "name": "1018136", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018136" + }, + { + "name": "quicktime-applet-information-disclosure(34571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34571" + }, + { + "name": "25130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25130" + }, + { + "name": "35575", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35575" + }, + { + "name": "24222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24222" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2463.json b/2007/2xxx/CVE-2007-2463.json index 3e6a3cdacb9..3ae81bba21e 100644 --- a/2007/2xxx/CVE-2007-2463.json +++ b/2007/2xxx/CVE-2007-2463.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" - }, - { - "name" : "23768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23768" - }, - { - "name" : "ADV-2007-1636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1636" - }, - { - "name" : "35332", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35332" - }, - { - "name" : "25109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25109" - }, - { - "name" : "cisco-asa-vpn-dos(34021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" + }, + { + "name": "35332", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35332" + }, + { + "name": "ADV-2007-1636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1636" + }, + { + "name": "cisco-asa-vpn-dos(34021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" + }, + { + "name": "23768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23768" + }, + { + "name": "25109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25109" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0364.json b/2010/0xxx/CVE-2010-0364.json index a50a209edd5..ad76d317355 100644 --- a/2010/0xxx/CVE-2010-0364.json +++ b/2010/0xxx/CVE-2010-0364.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11174", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11174" - }, - { - "name" : "37832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37832" - }, - { - "name" : "oval:org.mitre.oval:def:14342", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342" - }, - { - "name" : "vlcmediaplayer-asas-bo(55717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vlcmediaplayer-asas-bo(55717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55717" + }, + { + "name": "37832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37832" + }, + { + "name": "oval:org.mitre.oval:def:14342", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342" + }, + { + "name": "11174", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11174" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0890.json b/2010/0xxx/CVE-2010-0890.json index 9095f8077bb..588ebb8c3b4 100644 --- a/2010/0xxx/CVE-2010-0890.json +++ b/2010/0xxx/CVE-2010-0890.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "242386", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242386-1" - }, - { - "name" : "1019619", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019619.1-1" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "39459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39459" - }, - { - "name" : "oval:org.mitre.oval:def:7594", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7594" - }, - { - "name" : "1023874", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023874" - }, - { - "name" : "39435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39435" - }, - { - "name" : "osps-solaris-unspecified-var3(57758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "osps-solaris-unspecified-var3(57758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57758" + }, + { + "name": "1019619", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019619.1-1" + }, + { + "name": "39459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39459" + }, + { + "name": "39435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39435" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "1023874", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023874" + }, + { + "name": "242386", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242386-1" + }, + { + "name": "oval:org.mitre.oval:def:7594", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7594" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0914.json b/2010/0xxx/CVE-2010-0914.json index bfc16382407..3b106210e0c 100644 --- a/2010/0xxx/CVE-2010-0914.json +++ b/2010/0xxx/CVE-2010-0914.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail, Calendar, Address Book, and Instant Messaging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail, Calendar, Address Book, and Instant Messaging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0926.json b/2010/0xxx/CVE-2010-0926.json index edc8f3c4c8a..9997aefd020 100644 --- a/2010/0xxx/CVE-2010-0926.json +++ b/2010/0xxx/CVE-2010-0926.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100204 Re: Samba Remote Zero-Day Exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html" - }, - { - "name" : "20100204 Re: Samba Remote Zero-Day Exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html" - }, - { - "name" : "20100204 Samba Remote Zero-Day Exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html" - }, - { - "name" : "20100205 Re: Samba Remote Zero-Day Exploit", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=126538598820903&w=2" - }, - { - "name" : "[oss-security] 20100205 Re: Samba symlink 0day flaw", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126540402215620&w=2" - }, - { - "name" : "[oss-security] 20100205 Re: Samba symlink 0day flaw", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126540733320471&w=2" - }, - { - "name" : "[oss-security] 20100205 Samba symlink 0day flaw", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126539592603079&w=2" - }, - { - "name" : "[oss-security] 20100206 Re: Samba symlink 0day flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/06/3" - }, - { - "name" : "[oss-security] 20100206 Re: Samba symlink 0day flaw", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126545363428745&w=2" - }, - { - "name" : "[oss-security] 20100305 Re: Samba symlink 0day flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/05/3" - }, - { - "name" : "[oss-security] 20100305 Re: Samba symlink 0day flaw", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126777580624790&w=2" - }, - { - "name" : "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126539387432412&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540100511357&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540277713815&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540290614053&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540248613395&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540376915283&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540475116511&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540477016522&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540539117328&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540608318301&w=2" - }, - { - "name" : "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540695819735&w=2" - }, - { - "name" : "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126540011609753&w=2" - }, - { - "name" : "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126547903723628&w=2" - }, - { - "name" : "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126548356728379&w=2" - }, - { - "name" : "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126549111204428&w=2" - }, - { - "name" : "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=samba-technical&m=126555346721629&w=2" - }, - { - "name" : "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html", - "refsource" : "MISC", - "url" : "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html" - }, - { - "name" : "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4", - "refsource" : "CONFIRM", - "url" : "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4" - }, - { - "name" : "http://www.samba.org/samba/news/symlink_attack.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/news/symlink_attack.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=562568", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=562568" - }, - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=7104", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=7104" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126555346721629&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/06/3" + }, + { + "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126549111204428&w=2" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540376915283&w=2" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540539117328&w=2" + }, + { + "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/05/3" + }, + { + "name": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html", + "refsource": "MISC", + "url": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540477016522&w=2" + }, + { + "name": "20100204 Re: Samba Remote Zero-Day Exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540248613395&w=2" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540290614053&w=2" + }, + { + "name": "20100205 Re: Samba Remote Zero-Day Exploit", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=126538598820903&w=2" + }, + { + "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126548356728379&w=2" + }, + { + "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126545363428745&w=2" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540475116511&w=2" + }, + { + "name": "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126539387432412&w=2" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540695819735&w=2" + }, + { + "name": "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4", + "refsource": "CONFIRM", + "url": "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4" + }, + { + "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126777580624790&w=2" + }, + { + "name": "20100204 Samba Remote Zero-Day Exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "http://www.samba.org/samba/news/symlink_attack.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/news/symlink_attack.html" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126547903723628&w=2" + }, + { + "name": "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540011609753&w=2" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=7104", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=7104" + }, + { + "name": "[oss-security] 20100205 Samba symlink 0day flaw", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126539592603079&w=2" + }, + { + "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126540733320471&w=2" + }, + { + "name": "20100204 Re: Samba Remote Zero-Day Exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540608318301&w=2" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540100511357&w=2" + }, + { + "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.", + "refsource": "MLIST", + "url": "http://marc.info/?l=samba-technical&m=126540277713815&w=2" + }, + { + "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126540402215620&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=562568", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=562568" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3106.json b/2010/3xxx/CVE-2010-3106.json index ab06559456b..2fbfaeef3e1 100644 --- a/2010/3xxx/CVE-2010-3106.json +++ b/2010/3xxx/CVE-2010-3106.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06" - }, - { - "name" : "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=ftwZBxEFjIg~" - }, - { - "name" : "oval:org.mitre.oval:def:12044", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06" + }, + { + "name": "oval:org.mitre.oval:def:12044", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044" + }, + { + "name": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3159.json b/2010/3xxx/CVE-2010-3159.json index e99d7a24077..ca86b7036f5 100644 --- a/2010/3xxx/CVE-2010-3159.json +++ b/2010/3xxx/CVE-2010-3159.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ponsoftware.com/en/", - "refsource" : "MISC", - "url" : "http://www.ponsoftware.com/en/" - }, - { - "name" : "JVN#85599999", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN85599999/index.html" - }, - { - "name" : "JVNDB-2010-000043", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2010-000043", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000043.html" + }, + { + "name": "JVN#85599999", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN85599999/index.html" + }, + { + "name": "http://www.ponsoftware.com/en/", + "refsource": "MISC", + "url": "http://www.ponsoftware.com/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3479.json b/2010/3xxx/CVE-2010-3479.json index cb598c5f0ec..f661a80047f 100644 --- a/2010/3xxx/CVE-2010-3479.json +++ b/2010/3xxx/CVE-2010-3479.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15049", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15049" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/boutikone-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/boutikone-sql.txt" - }, - { - "name" : "ADV-2010-2436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2436" - }, - { - "name" : "boutikone-list-sql-injection(61911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "boutikone-list-sql-injection(61911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61911" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/boutikone-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/boutikone-sql.txt" + }, + { + "name": "ADV-2010-2436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2436" + }, + { + "name": "15049", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15049" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3598.json b/2010/3xxx/CVE-2010-3598.json index c489d632896..f4a34f18d0c 100644 --- a/2010/3xxx/CVE-2010-3598.json +++ b/2010/3xxx/CVE-2010-3598.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Import Export Utility." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45846" - }, - { - "name" : "1024981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024981" - }, - { - "name" : "42976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42976" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - }, - { - "name" : "oracle-document-utility-unauth-access(64771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Import Export Utility." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "1024981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024981" + }, + { + "name": "45846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45846" + }, + { + "name": "oracle-document-utility-unauth-access(64771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64771" + }, + { + "name": "42976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42976" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3962.json b/2010/3xxx/CVE-2010-3962.json index 18f155aaad6..6c6e01a206e 100644 --- a/2010/3xxx/CVE-2010-3962.json +++ b/2010/3xxx/CVE-2010-3962.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15418", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15418" - }, - { - "name" : "15421", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15421" - }, - { - "name" : "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks", - "refsource" : "MISC", - "url" : "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks" - }, - { - "name" : "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/2458511.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/2458511.mspx" - }, - { - "name" : "MS10-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "VU#899748", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/899748" - }, - { - "name" : "44536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44536" - }, - { - "name" : "oval:org.mitre.oval:def:12279", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279" - }, - { - "name" : "1024676", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024676" - }, - { - "name" : "42091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42091" - }, - { - "name" : "ADV-2010-2880", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2880" - }, - { - "name" : "ms-ie-flag-code-execution(62962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an \"invalid flag reference\" issue or \"Uninitialized Memory Corruption Vulnerability,\" as exploited in the wild in November 2010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44536" + }, + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" + }, + { + "name": "VU#899748", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/899748" + }, + { + "name": "42091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42091" + }, + { + "name": "ADV-2010-2880", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2880" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/2458511.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/2458511.mspx" + }, + { + "name": "1024676", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024676" + }, + { + "name": "15421", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15421" + }, + { + "name": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks", + "refsource": "MISC", + "url": "http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks" + }, + { + "name": "ms-ie-flag-code-execution(62962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62962" + }, + { + "name": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx" + }, + { + "name": "oval:org.mitre.oval:def:12279", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12279" + }, + { + "name": "15418", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15418" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4316.json b/2010/4xxx/CVE-2010-4316.json index 279bc26f275..cc6542139ac 100644 --- a/2010/4xxx/CVE-2010-4316.json +++ b/2010/4xxx/CVE-2010-4316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4744.json b/2010/4xxx/CVE-2010-4744.json index 7bd9d442b71..46e721e352c 100644 --- a/2010/4xxx/CVE-2010-4744.json +++ b/2010/4xxx/CVE-2010-4744.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014" - }, - { - "name" : "http://moinejf.free.fr/abcm2ps-5.txt", - "refsource" : "CONFIRM", - "url" : "http://moinejf.free.fr/abcm2ps-5.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=600729", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=600729" - }, - { - "name" : "FEDORA-2011-1092", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html" - }, - { - "name" : "FEDORA-2011-1851", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html" - }, - { - "name" : "43338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43338" - }, - { - "name" : "ADV-2011-0390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-1851", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html" + }, + { + "name": "ADV-2011-0390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0390" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=600729", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600729" + }, + { + "name": "43338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43338" + }, + { + "name": "FEDORA-2011-1092", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html" + }, + { + "name": "http://moinejf.free.fr/abcm2ps-5.txt", + "refsource": "CONFIRM", + "url": "http://moinejf.free.fr/abcm2ps-5.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0687.json b/2014/0xxx/CVE-2014-0687.json index 9cd1cab8667..3ed94dce43b 100644 --- a/2014/0xxx/CVE-2014-0687.json +++ b/2014/0xxx/CVE-2014-0687.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0687", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0687", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4058.json b/2014/4xxx/CVE-2014-4058.json index 30ca816d71b..ccdf57b585e 100644 --- a/2014/4xxx/CVE-2014-4058.json +++ b/2014/4xxx/CVE-2014-4058.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69131" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "69131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69131" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4162.json b/2014/4xxx/CVE-2014-4162.json index ee7d2866c15..6b2e70f68ca 100644 --- a/2014/4xxx/CVE-2014-4162.json +++ b/2014/4xxx/CVE-2014-4162.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33518", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33518" - }, - { - "name" : "http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html" - }, - { - "name" : "107449", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/107449" - }, - { - "name" : "58513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33518", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33518" + }, + { + "name": "http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html" + }, + { + "name": "58513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58513" + }, + { + "name": "107449", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/107449" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4612.json b/2014/4xxx/CVE-2014-4612.json index f6198e49d68..4cbbe5aea7f 100644 --- a/2014/4xxx/CVE-2014-4612.json +++ b/2014/4xxx/CVE-2014-4612.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/608" - }, - { - "name" : "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/620" - }, - { - "name" : "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html" - }, - { - "name" : "http://sourceforge.net/p/coppermine/code/8674", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/coppermine/code/8674" - }, - { - "name" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt" - }, - { - "name" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt" - }, - { - "name" : "68140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68140" + }, + { + "name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/608" + }, + { + "name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/620" + }, + { + "name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt" + }, + { + "name": "http://sourceforge.net/p/coppermine/code/8674", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/coppermine/code/8674" + }, + { + "name": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html", + "refsource": "CONFIRM", + "url": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html" + }, + { + "name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8063.json b/2014/8xxx/CVE-2014-8063.json index 9b457a6fb65..00d2e3567cd 100644 --- a/2014/8xxx/CVE-2014-8063.json +++ b/2014/8xxx/CVE-2014-8063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8063", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8063", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8193.json b/2014/8xxx/CVE-2014-8193.json index 8f05571b90b..7f891a89820 100644 --- a/2014/8xxx/CVE-2014-8193.json +++ b/2014/8xxx/CVE-2014-8193.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8193", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8193", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8286.json b/2014/8xxx/CVE-2014-8286.json index 761382ecbf0..8e0f3a43b8f 100644 --- a/2014/8xxx/CVE-2014-8286.json +++ b/2014/8xxx/CVE-2014-8286.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8286", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8286", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8876.json b/2014/8xxx/CVE-2014-8876.json index f5127fb372d..e30d287ed8e 100644 --- a/2014/8xxx/CVE-2014-8876.json +++ b/2014/8xxx/CVE-2014-8876.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8876", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8876", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9071.json b/2014/9xxx/CVE-2014-9071.json index cb2586df298..540e98b654a 100644 --- a/2014/9xxx/CVE-2014-9071.json +++ b/2014/9xxx/CVE-2014-9071.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9071", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9071", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9571.json b/2014/9xxx/CVE-2014-9571.json index c49f6a1105a..de5403319f2 100644 --- a/2014/9xxx/CVE-2014-9571.json +++ b/2014/9xxx/CVE-2014-9571.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150117 CVE-2014-9571: XSS in install.php", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/156" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23243", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23243" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/132cd6d0", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/132cd6d0" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/6d47c047", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/6d47c047" - }, - { - "name" : "https://www.mantisbt.org/bugs/view.php?id=17937", - "refsource" : "CONFIRM", - "url" : "https://www.mantisbt.org/bugs/view.php?id=17937" - }, - { - "name" : "https://www.mantisbt.org/bugs/view.php?id=17938", - "refsource" : "CONFIRM", - "url" : "https://www.mantisbt.org/bugs/view.php?id=17938" - }, - { - "name" : "1031633", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031633" - }, - { - "name" : "mantisbt-cve20149571-xss(100209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031633", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031633" + }, + { + "name": "mantisbt-cve20149571-xss(100209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100209" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/132cd6d0", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/132cd6d0" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/6d47c047", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/6d47c047" + }, + { + "name": "https://www.mantisbt.org/bugs/view.php?id=17938", + "refsource": "CONFIRM", + "url": "https://www.mantisbt.org/bugs/view.php?id=17938" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23243", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23243" + }, + { + "name": "[oss-security] 20150117 CVE-2014-9571: XSS in install.php", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/156" + }, + { + "name": "https://www.mantisbt.org/bugs/view.php?id=17937", + "refsource": "CONFIRM", + "url": "https://www.mantisbt.org/bugs/view.php?id=17937" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2766.json b/2016/2xxx/CVE-2016-2766.json index 103ec4a2124..ac982564c8c 100644 --- a/2016/2xxx/CVE-2016-2766.json +++ b/2016/2xxx/CVE-2016-2766.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2766", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2766", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3030.json b/2016/3xxx/CVE-2016-3030.json index beca4072027..963cc5a8d58 100644 --- a/2016/3xxx/CVE-2016-3030.json +++ b/2016/3xxx/CVE-2016-3030.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3030", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3030", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3082.json b/2016/3xxx/CVE-2016-3082.json index a6d8faccad1..62b87da7ed9 100644 --- a/2016/3xxx/CVE-2016-3082.json +++ b/2016/3xxx/CVE-2016-3082.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://struts.apache.org/docs/s2-031.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/docs/s2-031.html" - }, - { - "name" : "88826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/88826" - }, - { - "name" : "1035664", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "88826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/88826" + }, + { + "name": "http://struts.apache.org/docs/s2-031.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/docs/s2-031.html" + }, + { + "name": "1035664", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035664" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3510.json b/2016/3xxx/CVE-2016-3510.json index ff879540da9..cf05f7d7252 100644 --- a/2016/3xxx/CVE-2016-3510.json +++ b/2016/3xxx/CVE-2016-3510.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2016-21", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "1036373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036373" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-21", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-21" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3695.json b/2016/3xxx/CVE-2016-3695.json index b274124a8d1..53cac9b1ed7 100644 --- a/2016/3xxx/CVE-2016-3695.json +++ b/2016/3xxx/CVE-2016-3695.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1322755", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1322755" - }, - { - "name" : "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420", - "refsource" : "CONFIRM", - "url" : "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420" - }, - { - "name" : "102327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322755" + }, + { + "name": "102327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102327" + }, + { + "name": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420", + "refsource": "CONFIRM", + "url": "https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3720.json b/2016/3xxx/CVE-2016-3720.json index 879457624bc..725367a4a64 100644 --- a/2016/3xxx/CVE-2016-3720.json +++ b/2016/3xxx/CVE-2016-3720.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FEDORA-2016-13b4cae9df", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-13b4cae9df", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3927.json b/2016/3xxx/CVE-2016-3927.json index ae7fcb21233..35eb87ff45c 100644 --- a/2016/3xxx/CVE-2016-3927.json +++ b/2016/3xxx/CVE-2016-3927.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "93333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93333" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6172.json b/2016/6xxx/CVE-2016-6172.json index 837362bdad1..3a7f7b84878 100644 --- a/2016/6xxx/CVE-2016-6172.json +++ b/2016/6xxx/CVE-2016-6172.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dns-operations] 20160704 DNS activities in Japan", - "refsource" : "MLIST", - "url" : "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html" - }, - { - "name" : "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/06/3" - }, - { - "name" : "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/sischkg/xfer-limit/blob/master/README.md" - }, - { - "name" : "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401", - "refsource" : "CONFIRM", - "url" : "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401" - }, - { - "name" : "https://github.com/PowerDNS/pdns/issues/4128", - "refsource" : "CONFIRM", - "url" : "https://github.com/PowerDNS/pdns/issues/4128" - }, - { - "name" : "https://github.com/PowerDNS/pdns/issues/4133", - "refsource" : "CONFIRM", - "url" : "https://github.com/PowerDNS/pdns/issues/4133" - }, - { - "name" : "https://github.com/PowerDNS/pdns/pull/4134", - "refsource" : "CONFIRM", - "url" : "https://github.com/PowerDNS/pdns/pull/4134" - }, - { - "name" : "DSA-3664", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3664" - }, - { - "name" : "openSUSE-SU-2016:2116", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html" - }, - { - "name" : "91678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91678" - }, - { - "name" : "1036242", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401", + "refsource": "CONFIRM", + "url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401" + }, + { + "name": "DSA-3664", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3664" + }, + { + "name": "1036242", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036242" + }, + { + "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3" + }, + { + "name": "https://github.com/PowerDNS/pdns/issues/4128", + "refsource": "CONFIRM", + "url": "https://github.com/PowerDNS/pdns/issues/4128" + }, + { + "name": "https://github.com/PowerDNS/pdns/issues/4133", + "refsource": "CONFIRM", + "url": "https://github.com/PowerDNS/pdns/issues/4133" + }, + { + "name": "91678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91678" + }, + { + "name": "[dns-operations] 20160704 DNS activities in Japan", + "refsource": "MLIST", + "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html" + }, + { + "name": "https://github.com/PowerDNS/pdns/pull/4134", + "refsource": "CONFIRM", + "url": "https://github.com/PowerDNS/pdns/pull/4134" + }, + { + "name": "openSUSE-SU-2016:2116", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html" + }, + { + "name": "https://github.com/sischkg/xfer-limit/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6465.json b/2016/6xxx/CVE-2016-6465.json index 0f66ae524b2..60ccdd2717c 100644 --- a/2016/6xxx/CVE-2016-6465.json +++ b/2016/6xxx/CVE-2016-6465.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco AsyncOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco AsyncOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs) that are configured to use message or content filters that scan incoming email attachments; Cisco Web Security Appliances (WSAs) that are configured to use services that scan accessed web content. More Information: CSCva90076, CSCvb06764. Known Affected Releases: 10.0.0-125 8.5.7-042 9.7.2-047." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco AsyncOS", + "version": { + "version_data": [ + { + "version_value": "Cisco AsyncOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa" - }, - { - "name" : "94901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94901" - }, - { - "name" : "1037404", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs) that are configured to use message or content filters that scan incoming email attachments; Cisco Web Security Appliances (WSAs) that are configured to use services that scan accessed web content. More Information: CSCva90076, CSCvb06764. Known Affected Releases: 10.0.0-125 8.5.7-042 9.7.2-047." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037404", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037404" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa" + }, + { + "name": "94901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94901" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6508.json b/2016/6xxx/CVE-2016-6508.json index 797c5c50176..5f788755fa7 100644 --- a/2016/6xxx/CVE-2016-6508.json +++ b/2016/6xxx/CVE-2016-6508.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/28/3" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-44.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-44.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb" - }, - { - "name" : "DSA-3648", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3648" - }, - { - "name" : "1036480", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/28/3" + }, + { + "name": "DSA-3648", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3648" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-44.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-44.html" + }, + { + "name": "1036480", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036480" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6747.json b/2016/6xxx/CVE-2016-6747.json index 04a8cd52772..a99945ead51 100644 --- a/2016/6xxx/CVE-2016-6747.json +++ b/2016/6xxx/CVE-2016-6747.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "94212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94212" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6789.json b/2016/6xxx/CVE-2016-6789.json index c1f84670602..0258c557210 100644 --- a/2016/6xxx/CVE-2016-6789.json +++ b/2016/6xxx/CVE-2016-6789.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "94678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94678" + }, + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7107.json b/2016/7xxx/CVE-2016-7107.json index 23131b683b4..8c90f3c34aa 100644 --- a/2016/7xxx/CVE-2016-7107.json +++ b/2016/7xxx/CVE-2016-7107.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en" - }, - { - "name" : "92619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en" + }, + { + "name": "92619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92619" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7416.json b/2016/7xxx/CVE-2016-7416.json index dc04c4ad57a..d2222670f38 100644 --- a/2016/7xxx/CVE-2016-7416.json +++ b/2016/7xxx/CVE-2016-7416.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/15/10" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73007", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=73007" - }, - { - "name" : "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2018:1296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1296" - }, - { - "name" : "93008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93008" - }, - { - "name" : "1036836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93008" + }, + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "1036836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036836" + }, + { + "name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/15/10" + }, + { + "name": "RHSA-2018:1296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1296" + }, + { + "name": "https://bugs.php.net/bug.php?id=73007", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=73007" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + }, + { + "name": "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7607.json b/2016/7xxx/CVE-2016-7607.json index 8013d8e3b73..22784f8c1cb 100644 --- a/2016/7xxx/CVE-2016-7607.json +++ b/2016/7xxx/CVE-2016-7607.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7665.json b/2016/7xxx/CVE-2016-7665.json index 5b0e29ec7ed..a51ad7f58c4 100644 --- a/2016/7xxx/CVE-2016-7665.json +++ b/2016/7xxx/CVE-2016-7665.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Graphics Driver\" component, which allows remote attackers to cause a denial of service via a crafted video." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "94850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94850" - }, - { - "name" : "1037429", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Graphics Driver\" component, which allows remote attackers to cause a denial of service via a crafted video." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "1037429", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037429" + }, + { + "name": "94850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94850" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7855.json b/2016/7xxx/CVE-2016-7855.json index 6e7b59b4eca..2da522a9cd2 100644 --- a/2016/7xxx/CVE-2016-7855.json +++ b/2016/7xxx/CVE-2016-7855.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "MS16-128", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128" - }, - { - "name" : "RHSA-2016:2119", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2119.html" - }, - { - "name" : "93861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93861" - }, - { - "name" : "1037111", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "MS16-128", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128" + }, + { + "name": "1037111", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037111" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html" + }, + { + "name": "RHSA-2016:2119", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html" + }, + { + "name": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html" + }, + { + "name": "93861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93861" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8437.json b/2016/8xxx/CVE-2016-8437.json index 769aacbe22a..5b2a5c84c85 100644 --- a/2016/8xxx/CVE-2016-8437.json +++ b/2016/8xxx/CVE-2016-8437.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95227" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8590.json b/2016/8xxx/CVE-2016-8590.json index f757c94add9..d77115ca002 100644 --- a/2016/8xxx/CVE-2016-8590.json +++ b/2016/8xxx/CVE-2016-8590.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/142218/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dlp.cgi-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142218/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dlp.cgi-Remote-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/142218/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dlp.cgi-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142218/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dlp.cgi-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file