From b6434d3c7dcf341f9a339e2dc3f4961b1c39c86e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:08:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0030.json | 260 +++++++++--------- 2006/0xxx/CVE-2006-0037.json | 180 ++++++------- 2006/0xxx/CVE-2006-0695.json | 160 +++++------ 2006/1xxx/CVE-2006-1279.json | 170 ++++++------ 2006/1xxx/CVE-2006-1356.json | 160 +++++------ 2006/1xxx/CVE-2006-1379.json | 140 +++++----- 2006/1xxx/CVE-2006-1401.json | 160 +++++------ 2006/1xxx/CVE-2006-1689.json | 200 +++++++------- 2006/1xxx/CVE-2006-1864.json | 510 +++++++++++++++++------------------ 2006/5xxx/CVE-2006-5564.json | 140 +++++----- 2006/5xxx/CVE-2006-5796.json | 190 ++++++------- 2006/5xxx/CVE-2006-5936.json | 170 ++++++------ 2007/2xxx/CVE-2007-2795.json | 140 +++++----- 2010/0xxx/CVE-2010-0019.json | 130 ++++----- 2010/0xxx/CVE-2010-0757.json | 160 +++++------ 2010/0xxx/CVE-2010-0908.json | 120 ++++----- 2010/0xxx/CVE-2010-0910.json | 120 ++++----- 2010/1xxx/CVE-2010-1152.json | 230 ++++++++-------- 2010/1xxx/CVE-2010-1196.json | 380 +++++++++++++------------- 2010/1xxx/CVE-2010-1733.json | 150 +++++------ 2010/3xxx/CVE-2010-3377.json | 120 ++++----- 2010/3xxx/CVE-2010-3437.json | 350 ++++++++++++------------ 2010/3xxx/CVE-2010-3689.json | 300 ++++++++++----------- 2010/3xxx/CVE-2010-3795.json | 160 +++++------ 2010/4xxx/CVE-2010-4006.json | 170 ++++++------ 2010/4xxx/CVE-2010-4120.json | 280 +++++++++---------- 2010/4xxx/CVE-2010-4543.json | 280 +++++++++---------- 2010/4xxx/CVE-2010-4573.json | 190 ++++++------- 2010/4xxx/CVE-2010-4574.json | 180 ++++++------- 2010/4xxx/CVE-2010-4910.json | 170 ++++++------ 2014/0xxx/CVE-2014-0161.json | 34 +-- 2014/0xxx/CVE-2014-0428.json | 430 ++++++++++++++--------------- 2014/3xxx/CVE-2014-3972.json | 120 ++++----- 2014/4xxx/CVE-2014-4052.json | 160 +++++------ 2014/4xxx/CVE-2014-4083.json | 150 +++++------ 2014/4xxx/CVE-2014-4100.json | 150 +++++------ 2014/4xxx/CVE-2014-4358.json | 34 +-- 2014/4xxx/CVE-2014-4425.json | 160 +++++------ 2014/4xxx/CVE-2014-4994.json | 140 +++++----- 2014/8xxx/CVE-2014-8337.json | 34 +-- 2014/8xxx/CVE-2014-8387.json | 150 +++++------ 2014/8xxx/CVE-2014-8633.json | 34 +-- 2014/8xxx/CVE-2014-8635.json | 370 ++++++++++++------------- 2014/8xxx/CVE-2014-8991.json | 170 ++++++------ 2014/9xxx/CVE-2014-9183.json | 120 ++++----- 2014/9xxx/CVE-2014-9293.json | 320 +++++++++++----------- 2014/9xxx/CVE-2014-9982.json | 34 +-- 2016/2xxx/CVE-2016-2584.json | 34 +-- 2016/3xxx/CVE-2016-3112.json | 160 +++++------ 2016/3xxx/CVE-2016-3472.json | 150 +++++------ 2016/3xxx/CVE-2016-3563.json | 150 +++++------ 2016/3xxx/CVE-2016-3988.json | 120 ++++----- 2016/6xxx/CVE-2016-6185.json | 250 ++++++++--------- 2016/6xxx/CVE-2016-6240.json | 170 ++++++------ 2016/6xxx/CVE-2016-6670.json | 130 ++++----- 2016/7xxx/CVE-2016-7094.json | 190 ++++++------- 2016/7xxx/CVE-2016-7147.json | 150 +++++------ 2016/7xxx/CVE-2016-7480.json | 190 ++++++------- 2016/7xxx/CVE-2016-7704.json | 34 +-- 2016/7xxx/CVE-2016-7898.json | 34 +-- 60 files changed, 5221 insertions(+), 5221 deletions(-) diff --git a/2006/0xxx/CVE-2006-0030.json b/2006/0xxx/CVE-2006-0030.json index 6a030a50ea8..4ae483f84d0 100644 --- a/2006/0xxx/CVE-2006-0030.json +++ b/2006/0xxx/CVE-2006-0030.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm" - }, - { - "name" : "MS06-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012" - }, - { - "name" : "TA06-073A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-073A.html" - }, - { - "name" : "VU#123222", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/123222" - }, - { - "name" : "16181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16181" - }, - { - "name" : "ADV-2006-0950", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0950" - }, - { - "name" : "23901", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23901" - }, - { - "name" : "oval:org.mitre.oval:def:1401", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1401" - }, - { - "name" : "oval:org.mitre.oval:def:1510", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1510" - }, - { - "name" : "oval:org.mitre.oval:def:1630", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1630" - }, - { - "name" : "oval:org.mitre.oval:def:1666", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1666" - }, - { - "name" : "1015766", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015766" - }, - { - "name" : "19138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19138" - }, - { - "name" : "19238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19238" - }, - { - "name" : "excel-graphic-bo(25229)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0950", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0950" + }, + { + "name": "oval:org.mitre.oval:def:1510", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1510" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm" + }, + { + "name": "oval:org.mitre.oval:def:1630", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1630" + }, + { + "name": "19238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19238" + }, + { + "name": "excel-graphic-bo(25229)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25229" + }, + { + "name": "oval:org.mitre.oval:def:1401", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1401" + }, + { + "name": "oval:org.mitre.oval:def:1666", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1666" + }, + { + "name": "TA06-073A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-073A.html" + }, + { + "name": "16181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16181" + }, + { + "name": "19138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19138" + }, + { + "name": "23901", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23901" + }, + { + "name": "1015766", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015766" + }, + { + "name": "VU#123222", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/123222" + }, + { + "name": "MS06-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0037.json b/2006/0xxx/CVE-2006-0037.json index 030802d157b..e5c3d98dcee 100644 --- a/2006/0xxx/CVE-2006-0037.json +++ b/2006/0xxx/CVE-2006-0037.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710" - }, - { - "name" : "2006-0004", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0004" - }, - { - "name" : "16414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16414" - }, - { - "name" : "ADV-2006-0220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0220" - }, - { - "name" : "18482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18482" - }, - { - "name" : "388", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/388" - }, - { - "name" : "kernel-pptpnathelper-dos(24204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0220", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0220" + }, + { + "name": "16414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16414" + }, + { + "name": "388", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/388" + }, + { + "name": "2006-0004", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0004" + }, + { + "name": "kernel-pptpnathelper-dos(24204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24204" + }, + { + "name": "18482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18482" + }, + { + "name": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710", + "refsource": "CONFIRM", + "url": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0695.json b/2006/0xxx/CVE-2006-0695.json index ad651ff0bd0..dd86edbef05 100644 --- a/2006/0xxx/CVE-2006-0695.json +++ b/2006/0xxx/CVE-2006-0695.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=392826", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=392826" - }, - { - "name" : "16603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16603" - }, - { - "name" : "ADV-2006-0536", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0536" - }, - { - "name" : "18810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18810" - }, - { - "name" : "ansilove-filename-code-execution(24684)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ansilove-filename-code-execution(24684)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24684" + }, + { + "name": "ADV-2006-0536", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0536" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=392826", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=392826" + }, + { + "name": "16603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16603" + }, + { + "name": "18810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18810" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1279.json b/2006/1xxx/CVE-2006-1279.json index 4d7f270691c..f5f697cd5fa 100644 --- a/2006/1xxx/CVE-2006-1279.json +++ b/2006/1xxx/CVE-2006-1279.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555" - }, - { - "name" : "17177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17177" - }, - { - "name" : "ADV-2006-0946", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0946" - }, - { - "name" : "23865", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23865" - }, - { - "name" : "19211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19211" - }, - { - "name" : "cgisession-cgisess-information-disclosure(25285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23865", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23865" + }, + { + "name": "17177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17177" + }, + { + "name": "ADV-2006-0946", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0946" + }, + { + "name": "cgisession-cgisess-information-disclosure(25285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25285" + }, + { + "name": "19211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19211" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1356.json b/2006/1xxx/CVE-2006-1356.json index 1b5afac772c..49260bff406 100644 --- a/2006/1xxx/CVE-2006-1356.json +++ b/2006/1xxx/CVE-2006-1356.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/23/23985-libvc.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/23/23985-libvc.txt" - }, - { - "name" : "17237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17237" - }, - { - "name" : "23985", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23985" - }, - { - "name" : "19295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19295" - }, - { - "name" : "libvc-vc-bo(25430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://osvdb.org/ref/23/23985-libvc.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/23/23985-libvc.txt" + }, + { + "name": "libvc-vc-bo(25430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25430" + }, + { + "name": "23985", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23985" + }, + { + "name": "19295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19295" + }, + { + "name": "17237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17237" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1379.json b/2006/1xxx/CVE-2006-1379.json index dc0033dd4a3..4fad6c79313 100644 --- a/2006/1xxx/CVE-2006-1379.json +++ b/2006/1xxx/CVE-2006-1379.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", - "refsource" : "MISC", - "url" : "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english" - }, - { - "name" : "ADV-2006-1042", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1042" - }, - { - "name" : "19282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", + "refsource": "MISC", + "url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english" + }, + { + "name": "19282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19282" + }, + { + "name": "ADV-2006-1042", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1042" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1401.json b/2006/1xxx/CVE-2006-1401.json index 2f68f2b442f..b2e42fa3960 100644 --- a/2006/1xxx/CVE-2006-1401.json +++ b/2006/1xxx/CVE-2006-1401.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17240" - }, - { - "name" : "ADV-2006-1109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1109" - }, - { - "name" : "24161", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24161" - }, - { - "name" : "19393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19393" - }, - { - "name" : "calendarexpress-search-xss(25467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17240" + }, + { + "name": "calendarexpress-search-xss(25467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25467" + }, + { + "name": "19393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19393" + }, + { + "name": "ADV-2006-1109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1109" + }, + { + "name": "24161", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24161" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1689.json b/2006/1xxx/CVE-2006-1689.json index f012e5a2b37..b7e1335ce63 100644 --- a/2006/1xxx/CVE-2006-1689.json +++ b/2006/1xxx/CVE-2006-1689.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02111", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/430411/100/0/threaded" - }, - { - "name" : "SSRT061132", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/430411/100/0/threaded" - }, - { - "name" : "17400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17400" - }, - { - "name" : "ADV-2006-1272", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1272" - }, - { - "name" : "24449", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24449" - }, - { - "name" : "oval:org.mitre.oval:def:1754", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1754" - }, - { - "name" : "1015874", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015874" - }, - { - "name" : "19560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19560" - }, - { - "name" : "hpux-su-ldap-privilege-escalation(25691)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015874", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015874" + }, + { + "name": "oval:org.mitre.oval:def:1754", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1754" + }, + { + "name": "17400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17400" + }, + { + "name": "SSRT061132", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/430411/100/0/threaded" + }, + { + "name": "ADV-2006-1272", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1272" + }, + { + "name": "hpux-su-ldap-privilege-escalation(25691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25691" + }, + { + "name": "HPSBUX02111", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/430411/100/0/threaded" + }, + { + "name": "19560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19560" + }, + { + "name": "24449", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24449" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1864.json b/2006/1xxx/CVE-2006-1864.json index 689c5977c0b..f03be8c67c0 100644 --- a/2006/1xxx/CVE-2006-1864.json +++ b/2006/1xxx/CVE-2006-1864.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\" sequences, a similar vulnerability to CVE-2006-1863." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451404/100/0/threaded" - }, - { - "name" : "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451419/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451417/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451426/100/200/threaded" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html" - }, - { - "name" : "DSA-1097", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1097" - }, - { - "name" : "DSA-1103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "MDKSA-2006:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" - }, - { - "name" : "MDKSA-2006:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" - }, - { - "name" : "RHSA-2006:0493", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html" - }, - { - "name" : "RHSA-2006:0579", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0579.html" - }, - { - "name" : "RHSA-2006:0580", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0580.html" - }, - { - "name" : "RHSA-2006:0710", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0710.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "2006-0026", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0026" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "17735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17735" - }, - { - "name" : "oval:org.mitre.oval:def:11327", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11327" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "ADV-2006-4502", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4502" - }, - { - "name" : "25067", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25067" - }, - { - "name" : "19869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19869" - }, - { - "name" : "20237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20237" - }, - { - "name" : "20671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20671" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "21035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21035" - }, - { - "name" : "21614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21614" - }, - { - "name" : "21745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21745" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "22497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22497" - }, - { - "name" : "22875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22875" - }, - { - "name" : "23064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23064" - }, - { - "name" : "21476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21476" - }, - { - "name" : "kernel-smbfs-directory-traversal(26137)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\" sequences, a similar vulnerability to CVE-2006-1863." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" + }, + { + "name": "RHSA-2006:0493", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html" + }, + { + "name": "oval:org.mitre.oval:def:11327", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11327" + }, + { + "name": "19869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19869" + }, + { + "name": "ADV-2006-4502", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4502" + }, + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "RHSA-2006:0579", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "22875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22875" + }, + { + "name": "25067", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25067" + }, + { + "name": "21476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21476" + }, + { + "name": "21745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21745" + }, + { + "name": "MDKSA-2006:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" + }, + { + "name": "http://www.vmware.com/download/esx/esx-202-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-202-200610-patch.html" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "MDKSA-2006:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" + }, + { + "name": "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451426/100/200/threaded" + }, + { + "name": "21614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21614" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435" + }, + { + "name": "21035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21035" + }, + { + "name": "http://www.vmware.com/download/esx/esx-213-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html" + }, + { + "name": "DSA-1097", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1097" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "17735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17735" + }, + { + "name": "2006-0026", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0026" + }, + { + "name": "RHSA-2006:0580", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0580.html" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": "23064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23064" + }, + { + "name": "http://www.vmware.com/download/esx/esx-254-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" + }, + { + "name": "22497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22497" + }, + { + "name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded" + }, + { + "name": "RHSA-2006:0710", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0710.html" + }, + { + "name": "20237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20237" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded" + }, + { + "name": "kernel-smbfs-directory-traversal(26137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26137" + }, + { + "name": "20671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20671" + }, + { + "name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5564.json b/2006/5xxx/CVE-2006-5564.json index 7fb7c911e8e..5179ae85a75 100644 --- a/2006/5xxx/CVE-2006-5564.json +++ b/2006/5xxx/CVE-2006-5564.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20752" - }, - { - "name" : "ADV-2006-4195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4195" - }, - { - "name" : "22564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20752" + }, + { + "name": "ADV-2006-4195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4195" + }, + { + "name": "22564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22564" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5796.json b/2006/5xxx/CVE-2006-5796.json index b182a619e6d..75648703448 100644 --- a/2006/5xxx/CVE-2006-5796.json +++ b/2006/5xxx/CVE-2006-5796.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 Soholaunch Pro <=4.9 r36 Multiple Remote File", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116283614914510&w=2" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv57-theday-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv57-theday-2006.txt" - }, - { - "name" : "2724", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2724" - }, - { - "name" : "ADV-2006-4377", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4377" - }, - { - "name" : "30237", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=30237" - }, - { - "name" : "30238", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30238" - }, - { - "name" : "22735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22735" - }, - { - "name" : "soholaunch-session-file-include(30032)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22735" + }, + { + "name": "30237", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=30237" + }, + { + "name": "soholaunch-session-file-include(30032)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30032" + }, + { + "name": "ADV-2006-4377", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4377" + }, + { + "name": "2724", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2724" + }, + { + "name": "30238", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30238" + }, + { + "name": "http://advisories.echo.or.id/adv/adv57-theday-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv57-theday-2006.txt" + }, + { + "name": "20061106 Soholaunch Pro <=4.9 r36 Multiple Remote File", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116283614914510&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5936.json b/2006/5xxx/CVE-2006-5936.json index 0a7cbf8f440..93d53d71203 100644 --- a/2006/5xxx/CVE-2006-5936.json +++ b/2006/5xxx/CVE-2006-5936.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 SiteXpress SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451506/100/0/threaded" - }, - { - "name" : "21059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21059" - }, - { - "name" : "ADV-2006-4527", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4527" - }, - { - "name" : "22899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22899" - }, - { - "name" : "1870", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1870" - }, - { - "name" : "sitexpress-dept-sql-injection(30265)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22899" + }, + { + "name": "ADV-2006-4527", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4527" + }, + { + "name": "sitexpress-dept-sql-injection(30265)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30265" + }, + { + "name": "20061113 SiteXpress SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451506/100/0/threaded" + }, + { + "name": "21059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21059" + }, + { + "name": "1870", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1870" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2795.json b/2007/2xxx/CVE-2007-2795.json index 6582019ca11..eee0c44cda3 100644 --- a/2007/2xxx/CVE-2007-2795.json +++ b/2007/2xxx/CVE-2007-2795.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-042/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-042/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-043/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-043/" - }, - { - "name" : "http://www.ipswitch.com/support/imail/releases/im200621.asp", - "refsource" : "CONFIRM", - "url" : "http://www.ipswitch.com/support/imail/releases/im200621.asp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-042/" + }, + { + "name": "http://www.ipswitch.com/support/imail/releases/im200621.asp", + "refsource": "CONFIRM", + "url": "http://www.ipswitch.com/support/imail/releases/im200621.asp" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-043/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0019.json b/2010/0xxx/CVE-2010-0019.json index adf0ea8972a..bc7555cba6f 100644 --- a/2010/0xxx/CVE-2010-0019.json +++ b/2010/0xxx/CVE-2010-0019.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka \"Microsoft Silverlight Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0757.json b/2010/0xxx/CVE-2010-0757.json index c22f6e1251f..8f587379263 100644 --- a/2010/0xxx/CVE-2010-0757.json +++ b/2010/0xxx/CVE-2010-0757.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt" - }, - { - "name" : "11560", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11560" - }, - { - "name" : "38386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38386" - }, - { - "name" : "62648", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62648" - }, - { - "name" : "wikyblog-index-file-upload(56517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38386" + }, + { + "name": "wikyblog-index-file-upload(56517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56517" + }, + { + "name": "62648", + "refsource": "OSVDB", + "url": "http://osvdb.org/62648" + }, + { + "name": "11560", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11560" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0908.json b/2010/0xxx/CVE-2010-0908.json index 6b1f876e7d8..088c5cf78f0 100644 --- a/2010/0xxx/CVE-2010-0908.json +++ b/2010/0xxx/CVE-2010-0908.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0910.json b/2010/0xxx/CVE-2010-0910.json index f8b2eb3cfa6..b344fc1ac96 100644 --- a/2010/0xxx/CVE-2010-0910.json +++ b/2010/0xxx/CVE-2010-0910.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1152.json b/2010/1xxx/CVE-2010-1152.json index 2905415a2fb..4703556ddb4 100644 --- a/2010/1xxx/CVE-2010-1152.json +++ b/2010/1xxx/CVE-2010-1152.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100408 CVE request -- memcached", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127074597129559&w=2" - }, - { - "name" : "[oss-security] 20100408 Re: CVE request -- memcached", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127075808518733&w=2" - }, - { - "name" : "[oss-security] 20100408 Re: CVE request -- memcached", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127075341110616&w=2" - }, - { - "name" : "http://code.google.com/p/memcached/issues/detail?id=102", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/memcached/issues/detail?id=102" - }, - { - "name" : "http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9", - "refsource" : "CONFIRM", - "url" : "http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9" - }, - { - "name" : "http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719", - "refsource" : "CONFIRM", - "url" : "http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719" - }, - { - "name" : "http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached" - }, - { - "name" : "SUSE-SR:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "1023839", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023839" - }, - { - "name" : "39306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39306" - }, - { - "name" : "ADV-2011-0442", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100408 Re: CVE request -- memcached", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127075341110616&w=2" + }, + { + "name": "39306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39306" + }, + { + "name": "http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719", + "refsource": "CONFIRM", + "url": "http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719" + }, + { + "name": "http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached" + }, + { + "name": "[oss-security] 20100408 CVE request -- memcached", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127074597129559&w=2" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "ADV-2011-0442", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0442" + }, + { + "name": "http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9", + "refsource": "CONFIRM", + "url": "http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9" + }, + { + "name": "http://code.google.com/p/memcached/issues/detail?id=102", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/memcached/issues/detail?id=102" + }, + { + "name": "[oss-security] 20100408 Re: CVE request -- memcached", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127075808518733&w=2" + }, + { + "name": "1023839", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023839" + }, + { + "name": "SUSE-SR:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1196.json b/2010/1xxx/CVE-2010-1196.json index 1cb879ed5de..3811eeb2a59 100644 --- a/2010/1xxx/CVE-2010-1196.json +++ b/2010/1xxx/CVE-2010-1196.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534666", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534666" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100091069", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100091069" - }, - { - "name" : "FEDORA-2010-10344", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html" - }, - { - "name" : "FEDORA-2010-10361", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html" - }, - { - "name" : "MDVSA-2010:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125" - }, - { - "name" : "RHSA-2010:0500", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0500.html" - }, - { - "name" : "RHSA-2010:0501", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0501.html" - }, - { - "name" : "SUSE-SA:2010:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" - }, - { - "name" : "USN-930-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-930-1" - }, - { - "name" : "USN-930-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-930-2" - }, - { - "name" : "41050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41050" - }, - { - "name" : "41087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41087" - }, - { - "name" : "oval:org.mitre.oval:def:11424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11424" - }, - { - "name" : "oval:org.mitre.oval:def:14017", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14017" - }, - { - "name" : "1024138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024138" - }, - { - "name" : "1024139", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024139" - }, - { - "name" : "40323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40323" - }, - { - "name" : "40326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40326" - }, - { - "name" : "40401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40401" - }, - { - "name" : "40481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40481" - }, - { - "name" : "ADV-2010-1551", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1551" - }, - { - "name" : "ADV-2010-1557", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1557" - }, - { - "name" : "ADV-2010-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1640" - }, - { - "name" : "ADV-2010-1773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1773" - }, - { - "name" : "ADV-2010-1592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1592" - }, - { - "name" : "firefox-nsgenericdomdatanode-bo(59665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40481" + }, + { + "name": "USN-930-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-930-1" + }, + { + "name": "FEDORA-2010-10361", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html" + }, + { + "name": "1024138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024138" + }, + { + "name": "ADV-2010-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1640" + }, + { + "name": "41050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41050" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-29.html" + }, + { + "name": "RHSA-2010:0501", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0501.html" + }, + { + "name": "ADV-2010-1557", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1557" + }, + { + "name": "MDVSA-2010:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125" + }, + { + "name": "oval:org.mitre.oval:def:11424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11424" + }, + { + "name": "ADV-2010-1773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1773" + }, + { + "name": "firefox-nsgenericdomdatanode-bo(59665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59665" + }, + { + "name": "ADV-2010-1592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1592" + }, + { + "name": "USN-930-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-930-2" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=534666", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=534666" + }, + { + "name": "ADV-2010-1551", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1551" + }, + { + "name": "RHSA-2010:0500", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0500.html" + }, + { + "name": "SUSE-SA:2010:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" + }, + { + "name": "40323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40323" + }, + { + "name": "oval:org.mitre.oval:def:14017", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14017" + }, + { + "name": "40401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40401" + }, + { + "name": "FEDORA-2010-10344", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html" + }, + { + "name": "40326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40326" + }, + { + "name": "41087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41087" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100091069", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100091069" + }, + { + "name": "1024139", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024139" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1733.json b/2010/1xxx/CVE-2010-1733.json index be147554516..a83d29ac060 100644 --- a/2010/1xxx/CVE-2010-1733.json +++ b/2010/1xxx/CVE-2010-1733.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the \"Software name\" field to the \"All softwares\" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDVSA-2010:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178" - }, - { - "name" : "61942", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61942" - }, - { - "name" : "38311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38311" - }, - { - "name" : "ocsinventoryng-searchform-sql-injection(55873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the \"Software name\" field to the \"All softwares\" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38311" + }, + { + "name": "MDVSA-2010:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178" + }, + { + "name": "ocsinventoryng-searchform-sql-injection(55873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55873" + }, + { + "name": "61942", + "refsource": "OSVDB", + "url": "http://osvdb.org/61942" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3377.json b/2010/3xxx/CVE-2010-3377.json index 9c42ffabf6d..1d925388fc9 100644 --- a/2010/3xxx/CVE-2010-3377.json +++ b/2010/3xxx/CVE-2010-3377.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598421", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598421", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598421" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3437.json b/2010/3xxx/CVE-2010-3437.json index c1be4be1861..7f1ea01ad17 100644 --- a/2010/3xxx/CVE-2010-3437.json +++ b/2010/3xxx/CVE-2010-3437.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15150", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15150/" - }, - { - "name" : "[oss-security] 20100928 CVE request - kernel: pktcdvd ioctl dev_minor missing range check", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/28/2" - }, - { - "name" : "[oss-security] 20100928 Re: CVE request - kernel: pktcdvd ioctl dev_minor missing range check", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/28/6" - }, - { - "name" : "http://jon.oberheide.org/files/cve-2010-3437.c", - "refsource" : "MISC", - "url" : "http://jon.oberheide.org/files/cve-2010-3437.c" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=252a52aa4fa22a668f019e55b3aac3ff71ec1c29", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=252a52aa4fa22a668f019e55b3aac3ff71ec1c29" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=638085", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=638085" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "RHSA-2010:0842", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0842.html" - }, - { - "name" : "SUSE-SA:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" - }, - { - "name" : "SUSE-SA:2010:060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" - }, - { - "name" : "SUSE-SA:2011:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "43551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43551" - }, - { - "name" : "42778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42778" - }, - { - "name" : "42801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42801" - }, - { - "name" : "42932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42932" - }, - { - "name" : "ADV-2011-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0012" - }, - { - "name" : "ADV-2011-0124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0124" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" + }, + { + "name": "42778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42778" + }, + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "42801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42801" + }, + { + "name": "43551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43551" + }, + { + "name": "SUSE-SA:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=638085", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638085" + }, + { + "name": "SUSE-SA:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" + }, + { + "name": "42932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42932" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6" + }, + { + "name": "15150", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15150/" + }, + { + "name": "[oss-security] 20100928 CVE request - kernel: pktcdvd ioctl dev_minor missing range check", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/28/2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=252a52aa4fa22a668f019e55b3aac3ff71ec1c29", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=252a52aa4fa22a668f019e55b3aac3ff71ec1c29" + }, + { + "name": "ADV-2011-0124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0124" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "SUSE-SA:2010:060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" + }, + { + "name": "RHSA-2010:0842", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "[oss-security] 20100928 Re: CVE request - kernel: pktcdvd ioctl dev_minor missing range check", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/28/6" + }, + { + "name": "http://jon.oberheide.org/files/cve-2010-3437.c", + "refsource": "MISC", + "url": "http://jon.oberheide.org/files/cve-2010-3437.c" + }, + { + "name": "ADV-2011-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0012" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3689.json b/2010/3xxx/CVE-2010-3689.json index 452a7ac3647..86271404674 100644 --- a/2010/3xxx/CVE-2010-3689.json +++ b/2010/3xxx/CVE-2010-3689.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openoffice.org/security/cves/CVE-2010-3689.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2010-3689.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641224", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=641224" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - }, - { - "name" : "DSA-2151", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2151" - }, - { - "name" : "GLSA-201408-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" - }, - { - "name" : "MDVSA-2011:027", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027" - }, - { - "name" : "RHSA-2011:0182", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0182.html" - }, - { - "name" : "USN-1056-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1056-1" - }, - { - "name" : "46031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46031" - }, - { - "name" : "70716", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70716" - }, - { - "name" : "1025004", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025004" - }, - { - "name" : "43065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43065" - }, - { - "name" : "42999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42999" - }, - { - "name" : "43105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43105" - }, - { - "name" : "60799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60799" - }, - { - "name" : "40775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40775" - }, - { - "name" : "ADV-2011-0230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0230" - }, - { - "name" : "ADV-2011-0232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0232" - }, - { - "name" : "ADV-2011-0279", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40775" + }, + { + "name": "46031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46031" + }, + { + "name": "DSA-2151", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2151" + }, + { + "name": "60799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60799" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2010-3689.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2010-3689.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + }, + { + "name": "GLSA-201408-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" + }, + { + "name": "43065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43065" + }, + { + "name": "1025004", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025004" + }, + { + "name": "ADV-2011-0230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0230" + }, + { + "name": "ADV-2011-0232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0232" + }, + { + "name": "RHSA-2011:0182", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html" + }, + { + "name": "USN-1056-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1056-1" + }, + { + "name": "ADV-2011-0279", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0279" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=641224", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641224" + }, + { + "name": "43105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43105" + }, + { + "name": "70716", + "refsource": "OSVDB", + "url": "http://osvdb.org/70716" + }, + { + "name": "MDVSA-2011:027", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027" + }, + { + "name": "42999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42999" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3795.json b/2010/3xxx/CVE-2010-3795.json index 8d93817acde..851f86f445b 100644 --- a/2010/3xxx/CVE-2010-3795.json +++ b/2010/3xxx/CVE-2010-3795.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://support.apple.com/kb/HT4447", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4447" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-12-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" - }, - { - "name" : "1024729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "1024729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024729" + }, + { + "name": "APPLE-SA-2010-12-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4447", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4447" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4006.json b/2010/4xxx/CVE-2010-4006.json index c783328f1cf..9f7e58f6752 100644 --- a/2010/4xxx/CVE-2010-4006.json +++ b/2010/4xxx/CVE-2010-4006.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101031 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514585/100/0/threaded" - }, - { - "name" : "15607", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15607" - }, - { - "name" : "20101031 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0512.html" - }, - { - "name" : "http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/", - "refsource" : "MISC", - "url" : "http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/" - }, - { - "name" : "44593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44593" - }, - { - "name" : "wsnlinks-search-sql-injection(62939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101031 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0512.html" + }, + { + "name": "20101031 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514585/100/0/threaded" + }, + { + "name": "http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/", + "refsource": "MISC", + "url": "http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/" + }, + { + "name": "wsnlinks-search-sql-injection(62939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62939" + }, + { + "name": "44593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44593" + }, + { + "name": "15607", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15607" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4120.json b/2010/4xxx/CVE-2010-4120.json index 0e8ecc93741..63e2f93d8e4 100644 --- a/2010/4xxx/CVE-2010-4120.json +++ b/2010/4xxx/CVE-2010-4120.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IZ84918", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918" - }, - { - "name" : "44382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44382" - }, - { - "name" : "68884", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68884" - }, - { - "name" : "68885", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68885" - }, - { - "name" : "68886", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68886" - }, - { - "name" : "68887", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68887" - }, - { - "name" : "68888", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68888" - }, - { - "name" : "68889", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68889" - }, - { - "name" : "68890", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68890" - }, - { - "name" : "68891", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68891" - }, - { - "name" : "68892", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68892" - }, - { - "name" : "68893", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68893" - }, - { - "name" : "68894", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68894" - }, - { - "name" : "1024633", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024633" - }, - { - "name" : "41974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41974" - }, - { - "name" : "ADV-2010-2774", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2774" - }, - { - "name" : "tivoli-ebusiness-parm1-xss(62750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68892", + "refsource": "OSVDB", + "url": "http://osvdb.org/68892" + }, + { + "name": "68891", + "refsource": "OSVDB", + "url": "http://osvdb.org/68891" + }, + { + "name": "68885", + "refsource": "OSVDB", + "url": "http://osvdb.org/68885" + }, + { + "name": "ADV-2010-2774", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2774" + }, + { + "name": "IZ84918", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918" + }, + { + "name": "68890", + "refsource": "OSVDB", + "url": "http://osvdb.org/68890" + }, + { + "name": "68884", + "refsource": "OSVDB", + "url": "http://osvdb.org/68884" + }, + { + "name": "68893", + "refsource": "OSVDB", + "url": "http://osvdb.org/68893" + }, + { + "name": "tivoli-ebusiness-parm1-xss(62750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62750" + }, + { + "name": "44382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44382" + }, + { + "name": "68886", + "refsource": "OSVDB", + "url": "http://osvdb.org/68886" + }, + { + "name": "1024633", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024633" + }, + { + "name": "68889", + "refsource": "OSVDB", + "url": "http://osvdb.org/68889" + }, + { + "name": "68888", + "refsource": "OSVDB", + "url": "http://osvdb.org/68888" + }, + { + "name": "68894", + "refsource": "OSVDB", + "url": "http://osvdb.org/68894" + }, + { + "name": "68887", + "refsource": "OSVDB", + "url": "http://osvdb.org/68887" + }, + { + "name": "41974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41974" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4543.json b/2010/4xxx/CVE-2010-4543.json index 6a8da8637b1..48e30d275fc 100644 --- a/2010/4xxx/CVE-2010-4543.json +++ b/2010/4xxx/CVE-2010-4543.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110103 CVE request for buffer overflows in gimp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/03/2" - }, - { - "name" : "[oss-security] 20110104 Re: CVE request for buffer overflows in gimp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/04/7" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=666793", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=666793" - }, - { - "name" : "DSA-2426", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2426" - }, - { - "name" : "GLSA-201209-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-23.xml" - }, - { - "name" : "MDVSA-2011:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" - }, - { - "name" : "RHSA-2011:0837", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0837.html" - }, - { - "name" : "RHSA-2011:0838", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0838.html" - }, - { - "name" : "RHSA-2011:0839", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0839.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "70284", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70284" - }, - { - "name" : "42771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42771" - }, - { - "name" : "44750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44750" - }, - { - "name" : "50737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50737" - }, - { - "name" : "48236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48236" - }, - { - "name" : "ADV-2011-0016", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2426", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2426" + }, + { + "name": "GLSA-201209-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" + }, + { + "name": "70284", + "refsource": "OSVDB", + "url": "http://osvdb.org/70284" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=666793", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666793" + }, + { + "name": "ADV-2011-0016", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0016" + }, + { + "name": "RHSA-2011:0839", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0839.html" + }, + { + "name": "RHSA-2011:0837", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "RHSA-2011:0838", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" + }, + { + "name": "[oss-security] 20110104 Re: CVE request for buffer overflows in gimp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/04/7" + }, + { + "name": "44750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44750" + }, + { + "name": "42771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42771" + }, + { + "name": "50737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50737" + }, + { + "name": "[oss-security] 20110103 CVE request for buffer overflows in gimp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/03/2" + }, + { + "name": "48236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48236" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497" + }, + { + "name": "MDVSA-2011:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:103" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4573.json b/2010/4xxx/CVE-2010-4573.json index 33709758eaa..bba617b0b24 100644 --- a/2010/4xxx/CVE-2010-4573.json +++ b/2010/4xxx/CVE-2010-4573.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101221 VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515420/100/0/threaded" - }, - { - "name" : "[security-announce] 20101221 VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000114.html" - }, - { - "name" : "http://kb.vmware.com/kb/1031761", - "refsource" : "CONFIRM", - "url" : "http://kb.vmware.com/kb/1031761" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0020.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0020.html" - }, - { - "name" : "45543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45543" - }, - { - "name" : "1024917", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024917" - }, - { - "name" : "42591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42591" - }, - { - "name" : "ADV-2010-3303", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101221 VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515420/100/0/threaded" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0020.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0020.html" + }, + { + "name": "1024917", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024917" + }, + { + "name": "45543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45543" + }, + { + "name": "[security-announce] 20101221 VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000114.html" + }, + { + "name": "ADV-2010-3303", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3303" + }, + { + "name": "42591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42591" + }, + { + "name": "http://kb.vmware.com/kb/1031761", + "refsource": "CONFIRM", + "url": "http://kb.vmware.com/kb/1031761" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4574.json b/2010/4xxx/CVE-2010-4574.json index d0fbb9b508e..d88730603fa 100644 --- a/2010/4xxx/CVE-2010-4574.json +++ b/2010/4xxx/CVE-2010-4574.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=56449", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=56449" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html" - }, - { - "name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033", - "refsource" : "CONFIRM", - "url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033" - }, - { - "name" : "GLSA-201012-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml" - }, - { - "name" : "45390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45390" - }, - { - "name" : "oval:org.mitre.oval:def:14141", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141" - }, - { - "name" : "42648", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html" + }, + { + "name": "42648", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42648" + }, + { + "name": "oval:org.mitre.oval:def:14141", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141" + }, + { + "name": "45390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45390" + }, + { + "name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033", + "refsource": "CONFIRM", + "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033" + }, + { + "name": "GLSA-201012-01", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=56449", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=56449" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4910.json b/2010/4xxx/CVE-2010-4910.json index 90f19da4c45..308d15020f9 100644 --- a/2010/4xxx/CVE-2010-4910.json +++ b/2010/4xxx/CVE-2010-4910.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14932", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14932" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/coldcalendar-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/coldcalendar-sql.txt" - }, - { - "name" : "43035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43035" - }, - { - "name" : "41333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41333" - }, - { - "name" : "8445", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8445" - }, - { - "name" : "coldcalendar-index-sql-injection(61637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coldcalendar-index-sql-injection(61637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61637" + }, + { + "name": "8445", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8445" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/coldcalendar-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/coldcalendar-sql.txt" + }, + { + "name": "43035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43035" + }, + { + "name": "41333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41333" + }, + { + "name": "14932", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14932" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0161.json b/2014/0xxx/CVE-2014-0161.json index bdc4f269114..6058fe4c49c 100644 --- a/2014/0xxx/CVE-2014-0161.json +++ b/2014/0xxx/CVE-2014-0161.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0161", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0161", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0428.json b/2014/0xxx/CVE-2014-0428.json index 6598ac00672..dedfeccba0d 100644 --- a/2014/0xxx/CVE-2014-0428.json +++ b/2014/0xxx/CVE-2014-0428.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to \"insufficient security checks in IIOP streams,\" which allows attackers to escape the sandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051519", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051519" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html" - }, - { - "name" : "RHSA-2014:0027", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0027.html" - }, - { - "name" : "RHSA-2014:0097", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html" - }, - { - "name" : "RHSA-2014:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0136.html" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "openSUSE-SU-2014:0174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "openSUSE-SU-2014:0177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" - }, - { - "name" : "openSUSE-SU-2014:0180", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "USN-2124-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2124-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64935" - }, - { - "name" : "101996", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101996" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56432" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56486" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to \"insufficient security checks in IIOP streams,\" which allows attackers to escape the sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56432" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "RHSA-2014:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html" + }, + { + "name": "openSUSE-SU-2014:0174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "RHSA-2014:0097", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051519", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051519" + }, + { + "name": "64935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64935" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "RHSA-2014:0027", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html" + }, + { + "name": "56486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56486" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698" + }, + { + "name": "USN-2124-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2124-1" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "RHSA-2014:0026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + }, + { + "name": "101996", + "refsource": "OSVDB", + "url": "http://osvdb.org/101996" + }, + { + "name": "openSUSE-SU-2014:0180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" + }, + { + "name": "openSUSE-SU-2014:0177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3972.json b/2014/3xxx/CVE-2014-3972.json index 555ce4d27ba..55952d407f7 100644 --- a/2014/3xxx/CVE-2014-3972.json +++ b/2014/3xxx/CVE-2014-3972.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/zeroday/FG-VD-14-004", - "refsource" : "MISC", - "url" : "https://fortiguard.com/zeroday/FG-VD-14-004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/zeroday/FG-VD-14-004", + "refsource": "MISC", + "url": "https://fortiguard.com/zeroday/FG-VD-14-004" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4052.json b/2014/4xxx/CVE-2014-4052.json index d41de19f94a..36c678be132 100644 --- a/2014/4xxx/CVE-2014-4052.json +++ b/2014/4xxx/CVE-2014-4052.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69127" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20144052-code-exec(94986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "ms-ie-cve20144052-code-exec(94986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94986" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "69127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69127" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4083.json b/2014/4xxx/CVE-2014-4083.json index 54eb67ffda3..b6989f68cb2 100644 --- a/2014/4xxx/CVE-2014-4083.json +++ b/2014/4xxx/CVE-2014-4083.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69587" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144083-code-exec(95513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69587" + }, + { + "name": "ms-ie-cve20144083-code-exec(95513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95513" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4100.json b/2014/4xxx/CVE-2014-4100.json index 867162e992b..84ecef09b69 100644 --- a/2014/4xxx/CVE-2014-4100.json +++ b/2014/4xxx/CVE-2014-4100.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69608" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144100-code-exec(95530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "69608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69608" + }, + { + "name": "ms-ie-cve20144100-code-exec(95530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95530" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4358.json b/2014/4xxx/CVE-2014-4358.json index 8a03d26148a..3e82227584a 100644 --- a/2014/4xxx/CVE-2014-4358.json +++ b/2014/4xxx/CVE-2014-4358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4358", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4358", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4425.json b/2014/4xxx/CVE-2014-4425.json index c7d5045a679..15429cca2de 100644 --- a/2014/4xxx/CVE-2014-4425.json +++ b/2014/4xxx/CVE-2014-4425.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFPreferences in Apple OS X before 10.10 does not properly enforce the \"require password after sleep or screen saver begins\" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "70630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70630" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144425-sec-bypass(97640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFPreferences in Apple OS X before 10.10 does not properly enforce the \"require password after sleep or screen saver begins\" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144425-sec-bypass(97640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97640" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "70630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70630" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4994.json b/2014/4xxx/CVE-2014-4994.json index 79f81e763c9..1ff7870c548 100644 --- a/2014/4xxx/CVE-2014-4994.json +++ b/2014/4xxx/CVE-2014-4994.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem gyazo-1.0.0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/07/13" - }, - { - "name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/17/5" + }, + { + "name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem gyazo-1.0.0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/07/13" + }, + { + "name": "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8337.json b/2014/8xxx/CVE-2014-8337.json index db1cde100a4..71334e9527d 100644 --- a/2014/8xxx/CVE-2014-8337.json +++ b/2014/8xxx/CVE-2014-8337.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8337", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8337", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8387.json b/2014/8xxx/CVE-2014-8387.json index cb36f780c78..46efbed52c6 100644 --- a/2014/8xxx/CVE-2014-8387.json +++ b/2014/8xxx/CVE-2014-8387.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141119 [CORE-2014-0009] - Advantech EKI-6340 Command Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534021/100/0/threaded" - }, - { - "name" : "20141119 [CORE-2014-0009] - Advantech EKI-6340 Command Injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/58" - }, - { - "name" : "http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection" - }, - { - "name" : "71192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection" + }, + { + "name": "20141119 [CORE-2014-0009] - Advantech EKI-6340 Command Injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/58" + }, + { + "name": "20141119 [CORE-2014-0009] - Advantech EKI-6340 Command Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534021/100/0/threaded" + }, + { + "name": "71192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71192" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8633.json b/2014/8xxx/CVE-2014-8633.json index bcf6e24e7b7..b5269f5ba3f 100644 --- a/2014/8xxx/CVE-2014-8633.json +++ b/2014/8xxx/CVE-2014-8633.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8633", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8633", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8635.json b/2014/8xxx/CVE-2014-8635.json index a043ec2a019..386cec5b5cc 100644 --- a/2014/8xxx/CVE-2014-8635.json +++ b/2014/8xxx/CVE-2014-8635.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-8635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2015-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2015-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1026774", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1026774" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1027300", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1027300" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1054538", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1054538" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1067473", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1067473" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1070962", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1070962" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072130", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072130" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072871", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072871" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1098583", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1098583" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2015:0133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html" - }, - { - "name" : "openSUSE-SU-2015:0077", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:0192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "72050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72050" - }, - { - "name" : "1031533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031533" - }, - { - "name" : "1031534", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031534" - }, - { - "name" : "62242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62242" - }, - { - "name" : "62250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62250" - }, - { - "name" : "62446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62446" - }, - { - "name" : "62657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62657" - }, - { - "name" : "62790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62790" - }, - { - "name" : "62253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62253" - }, - { - "name" : "62316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62316" - }, - { - "name" : "62418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62242" + }, + { + "name": "1031533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031533" + }, + { + "name": "openSUSE-SU-2015:0192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1098583", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1098583" + }, + { + "name": "72050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72050" + }, + { + "name": "62250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62250" + }, + { + "name": "openSUSE-SU-2015:0077", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html" + }, + { + "name": "62418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62418" + }, + { + "name": "62316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62316" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1070962", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1070962" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "62790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62790" + }, + { + "name": "62446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62446" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072130", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072130" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1067473", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1067473" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1026774", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1026774" + }, + { + "name": "62657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62657" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1054538", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1054538" + }, + { + "name": "openSUSE-SU-2015:0133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-01.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-01.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1027300", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1027300" + }, + { + "name": "62253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62253" + }, + { + "name": "1031534", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031534" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072871", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072871" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8991.json b/2014/8xxx/CVE-2014-8991.json index 30d42edfd9c..0e0f4a59418 100644 --- a/2014/8xxx/CVE-2014-8991.json +++ b/2014/8xxx/CVE-2014-8991.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Requesting a CVE for pip - Local DoS with predictable temp directory names", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/19/17" - }, - { - "name" : "[oss-security] 20141120 Re: Requesting a CVE for pip - Local DoS with predictable temp directory names", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/20/6" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847" - }, - { - "name" : "https://github.com/pypa/pip/pull/2122", - "refsource" : "CONFIRM", - "url" : "https://github.com/pypa/pip/pull/2122" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "71209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141117 Requesting a CVE for pip - Local DoS with predictable temp directory names", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/19/17" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847" + }, + { + "name": "71209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71209" + }, + { + "name": "[oss-security] 20141120 Re: Requesting a CVE for pip - Local DoS with predictable temp directory names", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/20/6" + }, + { + "name": "https://github.com/pypa/pip/pull/2122", + "refsource": "CONFIRM", + "url": "https://github.com/pypa/pip/pull/2122" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9183.json b/2014/9xxx/CVE-2014-9183.json index d36a79dffac..7c697404135 100644 --- a/2014/9xxx/CVE-2014-9183.json +++ b/2014/9xxx/CVE-2014-9183.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9293.json b/2014/9xxx/CVE-2014-9293.json index 1fc7df3dd35..4ca68be18d3 100644 --- a/2014/9xxx/CVE-2014-9293.json +++ b/2014/9xxx/CVE-2014-9293.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw", - "refsource" : "CONFIRM", - "url" : "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw" - }, - { - "name" : "http://bugs.ntp.org/show_bug.cgi?id=2665", - "refsource" : "CONFIRM", - "url" : "http://bugs.ntp.org/show_bug.cgi?id=2665" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1176032", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1176032" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0541.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0541.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10103", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10103" - }, - { - "name" : "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd" - }, - { - "name" : "HPSBPV03266", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142469153211996&w=2" - }, - { - "name" : "HPSBGN03277", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142590659431171&w=2" - }, - { - "name" : "HPSBOV03505", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144182594518755&w=2" - }, - { - "name" : "HPSBUX03240", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142853370924302&w=2" - }, - { - "name" : "SSRT101872", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142853370924302&w=2" - }, - { - "name" : "MDVSA-2015:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003" - }, - { - "name" : "RHSA-2014:2025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-2025.html" - }, - { - "name" : "RHSA-2015:0104", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0104.html" - }, - { - "name" : "VU#852879", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/852879" - }, - { - "name" : "71757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71757" - }, - { - "name" : "62209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd" + }, + { + "name": "HPSBGN03277", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142590659431171&w=2" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10103", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10103" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0541.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0541.html" + }, + { + "name": "VU#852879", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/852879" + }, + { + "name": "HPSBUX03240", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142853370924302&w=2" + }, + { + "name": "RHSA-2014:2025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html" + }, + { + "name": "62209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62209" + }, + { + "name": "http://bugs.ntp.org/show_bug.cgi?id=2665", + "refsource": "CONFIRM", + "url": "http://bugs.ntp.org/show_bug.cgi?id=2665" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "RHSA-2015:0104", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html" + }, + { + "name": "HPSBOV03505", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144182594518755&w=2" + }, + { + "name": "SSRT101872", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142853370924302&w=2" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice" + }, + { + "name": "HPSBPV03266", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142469153211996&w=2" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783" + }, + { + "name": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw", + "refsource": "CONFIRM", + "url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw" + }, + { + "name": "MDVSA-2015:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003" + }, + { + "name": "71757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71757" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9982.json b/2014/9xxx/CVE-2014-9982.json index 2b36fad0b00..a365f08bcef 100644 --- a/2014/9xxx/CVE-2014-9982.json +++ b/2014/9xxx/CVE-2014-9982.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9982", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9982", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2584.json b/2016/2xxx/CVE-2016-2584.json index f619710d54e..f9c67d5fce4 100644 --- a/2016/2xxx/CVE-2016-2584.json +++ b/2016/2xxx/CVE-2016-2584.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2584", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2584", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3112.json b/2016/3xxx/CVE-2016-3112.json index c9a548f9001..eb929d91081 100644 --- a/2016/3xxx/CVE-2016-3112.json +++ b/2016/3xxx/CVE-2016-3112.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/20/1" - }, - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=1146538", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=1146538" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326242", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326242" - }, - { - "name" : "https://pulp.plan.io/issues/1834", - "refsource" : "CONFIRM", - "url" : "https://pulp.plan.io/issues/1834" - }, - { - "name" : "RHBA-2016:1501", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2016:1501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pulp.plan.io/issues/1834", + "refsource": "CONFIRM", + "url": "https://pulp.plan.io/issues/1834" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=1146538", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=1146538" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326242", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326242" + }, + { + "name": "RHBA-2016:1501", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2016:1501" + }, + { + "name": "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3472.json b/2016/3xxx/CVE-2016-3472.json index 867d35e6003..ccf4ea8c983 100644 --- a/2016/3xxx/CVE-2016-3472.json +++ b/2016/3xxx/CVE-2016-3472.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91978" - }, - { - "name" : "1036400", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036400", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036400" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91978" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3563.json b/2016/3xxx/CVE-2016-3563.json index 6caa15e2ad0..0a6e57244fa 100644 --- a/2016/3xxx/CVE-2016-3563.json +++ b/2016/3xxx/CVE-2016-3563.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91880" - }, - { - "name" : "1036406", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036406", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036406" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91880" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3988.json b/2016/3xxx/CVE-2016-3988.json index 6e3dcbc9931..6107b2789d1 100644 --- a/2016/3xxx/CVE-2016-3988.json +++ b/2016/3xxx/CVE-2016-3988.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6185.json b/2016/6xxx/CVE-2016-6185.json index 7050f6aba63..ef34d531c94 100644 --- a/2016/6xxx/CVE-2016-6185.json +++ b/2016/6xxx/CVE-2016-6185.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-6185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/07/1" - }, - { - "name" : "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/08/5" - }, - { - "name" : "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7", - "refsource" : "CONFIRM", - "url" : "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" - }, - { - "name" : "https://rt.cpan.org/Public/Bug/Display.html?id=115808", - "refsource" : "CONFIRM", - "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=115808" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "DSA-3628", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3628" - }, - { - "name" : "FEDORA-2016-485dff6060", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" - }, - { - "name" : "FEDORA-2016-742bde2be7", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" - }, - { - "name" : "FEDORA-2016-eb2592245b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" - }, - { - "name" : "GLSA-201701-75", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-75" - }, - { - "name" : "USN-3625-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3625-2/" - }, - { - "name" : "USN-3625-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3625-1/" - }, - { - "name" : "91685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91685" - }, - { - "name" : "1036260", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-eb2592245b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" + }, + { + "name": "GLSA-201701-75", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-75" + }, + { + "name": "USN-3625-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3625-2/" + }, + { + "name": "FEDORA-2016-485dff6060", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" + }, + { + "name": "1036260", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036260" + }, + { + "name": "DSA-3628", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3628" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7", + "refsource": "CONFIRM", + "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" + }, + { + "name": "91685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91685" + }, + { + "name": "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" + }, + { + "name": "FEDORA-2016-742bde2be7", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" + }, + { + "name": "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" + }, + { + "name": "USN-3625-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3625-1/" + }, + { + "name": "https://rt.cpan.org/Public/Bug/Display.html?id=115808", + "refsource": "CONFIRM", + "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6240.json b/2016/6xxx/CVE-2016-6240.json index bea396bb2f3..43c7c05ad0c 100644 --- a/2016/6xxx/CVE-2016-6240.json +++ b/2016/6xxx/CVE-2016-6240.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/14/5" - }, - { - "name" : "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/17/7" - }, - { - "name" : "http://www.openbsd.org/errata58.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata58.html" - }, - { - "name" : "http://www.openbsd.org/errata59.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata59.html" - }, - { - "name" : "91805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91805" - }, - { - "name" : "1036318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036318" + }, + { + "name": "http://www.openbsd.org/errata59.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata59.html" + }, + { + "name": "[oss-security] 20160714 Multiple Bugs in OpenBSD Kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/14/5" + }, + { + "name": "[oss-security] 20160717 ReL Multiple Bugs in OpenBSD Kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/17/7" + }, + { + "name": "http://www.openbsd.org/errata58.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata58.html" + }, + { + "name": "91805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91805" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6670.json b/2016/6xxx/CVE-2016-6670.json index 023d0cdb51e..713dd046a5f 100644 --- a/2016/6xxx/CVE-2016-6670.json +++ b/2016/6xxx/CVE-2016-6670.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-certificate-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-certificate-en" - }, - { - "name" : "92438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-certificate-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-certificate-en" + }, + { + "name": "92438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92438" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7094.json b/2016/7xxx/CVE-2016-7094.json index 98f4479b709..f452dec97d5 100644 --- a/2016/7xxx/CVE-2016-7094.json +++ b/2016/7xxx/CVE-2016-7094.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX216071", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX216071" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-187.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-187.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "DSA-3663", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3663" - }, - { - "name" : "GLSA-201611-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-09" - }, - { - "name" : "92864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92864" - }, - { - "name" : "1036753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "DSA-3663", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3663" + }, + { + "name": "92864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92864" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-187.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-187.html" + }, + { + "name": "http://support.citrix.com/article/CTX216071", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX216071" + }, + { + "name": "1036753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036753" + }, + { + "name": "GLSA-201611-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-09" + }, + { + "name": "http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7147.json b/2016/7xxx/CVE-2016-7147.json index 53845385900..56caffc344f 100644 --- a/2016/7xxx/CVE-2016-7147.json +++ b/2016/7xxx/CVE-2016-7147.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://plone.org/security/hotfix/20170117", - "refsource" : "MISC", - "url" : "https://plone.org/security/hotfix/20170117" - }, - { - "name" : "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2", - "refsource" : "MISC", - "url" : "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" - }, - { - "name" : "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html", - "refsource" : "MISC", - "url" : "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" - }, - { - "name" : "96117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html", + "refsource": "MISC", + "url": "https://www.curesec.com/blog/article/blog/Plone-XSS-186.html" + }, + { + "name": "https://plone.org/security/hotfix/20170117", + "refsource": "MISC", + "url": "https://plone.org/security/hotfix/20170117" + }, + { + "name": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2", + "refsource": "MISC", + "url": "https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2" + }, + { + "name": "96117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96117" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7480.json b/2016/7xxx/CVE-2016-7480.json index 7697523034b..014374cc321 100644 --- a/2016/7xxx/CVE-2016-7480.json +++ b/2016/7xxx/CVE-2016-7480.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "ID" : "CVE-2016-7480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PHP before 7.0.12", - "version" : { - "version_data" : [ - { - "version_value" : "PHP before 7.0.12" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "missing data-type validation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "ID": "CVE-2016-7480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP before 7.0.12", + "version": { + "version_data": [ + { + "version_value": "PHP before 7.0.12" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7", - "refsource" : "MISC", - "url" : "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7" - }, - { - "name" : "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf", - "refsource" : "MISC", - "url" : "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "MISC", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73257", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=73257" - }, - { - "name" : "https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4", - "refsource" : "MISC", - "url" : "https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4" - }, - { - "name" : "https://www.youtube.com/watch?v=LDcaPstAuPk", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=LDcaPstAuPk" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180112-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180112-0001/" - }, - { - "name" : "95152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "missing data-type validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf", + "refsource": "MISC", + "url": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf" + }, + { + "name": "https://www.youtube.com/watch?v=LDcaPstAuPk", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=LDcaPstAuPk" + }, + { + "name": "https://bugs.php.net/bug.php?id=73257", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=73257" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "MISC", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "95152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95152" + }, + { + "name": "https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4", + "refsource": "MISC", + "url": "https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180112-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180112-0001/" + }, + { + "name": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7", + "refsource": "MISC", + "url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7704.json b/2016/7xxx/CVE-2016-7704.json index b33d11c199a..a5b1c2ea8ae 100644 --- a/2016/7xxx/CVE-2016-7704.json +++ b/2016/7xxx/CVE-2016-7704.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7704", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7704", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7898.json b/2016/7xxx/CVE-2016-7898.json index a116870a043..9fccd32a6eb 100644 --- a/2016/7xxx/CVE-2016-7898.json +++ b/2016/7xxx/CVE-2016-7898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7898", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7898", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file