From b99a2ab8c3b57b2dc74514656820f967f5fdac8d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:44:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0277.json | 200 ++++++------ 2006/0xxx/CVE-2006-0284.json | 200 ++++++------ 2006/0xxx/CVE-2006-0537.json | 210 ++++++------ 2006/0xxx/CVE-2006-0706.json | 170 +++++----- 2006/1xxx/CVE-2006-1740.json | 570 ++++++++++++++++----------------- 2006/3xxx/CVE-2006-3422.json | 140 ++++---- 2006/3xxx/CVE-2006-3754.json | 160 ++++----- 2006/3xxx/CVE-2006-3965.json | 120 +++---- 2006/4xxx/CVE-2006-4436.json | 200 ++++++------ 2006/4xxx/CVE-2006-4651.json | 170 +++++----- 2006/4xxx/CVE-2006-4769.json | 160 ++++----- 2006/4xxx/CVE-2006-4982.json | 140 ++++---- 2010/2xxx/CVE-2010-2076.json | 210 ++++++------ 2010/2xxx/CVE-2010-2937.json | 170 +++++----- 2010/3xxx/CVE-2010-3272.json | 190 +++++------ 2010/3xxx/CVE-2010-3433.json | 310 +++++++++--------- 2011/0xxx/CVE-2011-0599.json | 210 ++++++------ 2011/0xxx/CVE-2011-0878.json | 34 +- 2011/1xxx/CVE-2011-1148.json | 260 +++++++-------- 2011/1xxx/CVE-2011-1585.json | 170 +++++----- 2011/1xxx/CVE-2011-1651.json | 130 ++++---- 2014/3xxx/CVE-2014-3289.json | 190 +++++------ 2014/3xxx/CVE-2014-3451.json | 160 ++++----- 2014/3xxx/CVE-2014-3537.json | 260 +++++++-------- 2014/3xxx/CVE-2014-3603.json | 34 +- 2014/3xxx/CVE-2014-3692.json | 130 ++++---- 2014/6xxx/CVE-2014-6048.json | 130 ++++---- 2014/6xxx/CVE-2014-6469.json | 190 +++++------ 2014/6xxx/CVE-2014-6747.json | 140 ++++---- 2014/6xxx/CVE-2014-6757.json | 140 ++++---- 2014/7xxx/CVE-2014-7405.json | 140 ++++---- 2014/7xxx/CVE-2014-7406.json | 140 ++++---- 2014/7xxx/CVE-2014-7919.json | 150 ++++----- 2014/7xxx/CVE-2014-7990.json | 160 ++++----- 2014/8xxx/CVE-2014-8099.json | 200 ++++++------ 2014/8xxx/CVE-2014-8114.json | 140 ++++---- 2014/8xxx/CVE-2014-8204.json | 34 +- 2014/8xxx/CVE-2014-8809.json | 130 ++++---- 2014/8xxx/CVE-2014-8927.json | 120 +++---- 2014/9xxx/CVE-2014-9886.json | 140 ++++---- 2016/2xxx/CVE-2016-2194.json | 160 ++++----- 
2016/2xxx/CVE-2016-2405.json | 120 +++---- 2016/2xxx/CVE-2016-2808.json | 260 +++++++-------- 2016/2xxx/CVE-2016-2963.json | 140 ++++---- 2016/6xxx/CVE-2016-6053.json | 34 +- 2016/6xxx/CVE-2016-6453.json | 140 ++++---- 2016/6xxx/CVE-2016-6967.json | 140 ++++---- 2017/18xxx/CVE-2017-18145.json | 132 ++++---- 2017/1xxx/CVE-2017-1166.json | 34 +- 2017/5xxx/CVE-2017-5118.json | 180 +++++------ 2017/5xxx/CVE-2017-5167.json | 130 ++++---- 2017/5xxx/CVE-2017-5414.json | 184 +++++------ 2017/5xxx/CVE-2017-5516.json | 130 ++++---- 2017/5xxx/CVE-2017-5546.json | 170 +++++----- 2017/5xxx/CVE-2017-5800.json | 132 ++++---- 55 files changed, 4469 insertions(+), 4469 deletions(-) diff --git a/2006/0xxx/CVE-2006-0277.json b/2006/0xxx/CVE-2006-0277.json index 722bbd193e1..b96e6678e47 100644 --- a/2006/0xxx/CVE-2006-0277.json +++ b/2006/0xxx/CVE-2006-0277.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in 
the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0284.json b/2006/0xxx/CVE-2006-0284.json index 10a0ae2d893..0aa60b510f9 100644 
--- a/2006/0xxx/CVE-2006-0284.json +++ b/2006/0xxx/CVE-2006-0284.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - 
"name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + 
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0537.json b/2006/0xxx/CVE-2006-0537.json index f7db59cf414..0e852d7f583 100644 --- a/2006/0xxx/CVE-2006-0537.json +++ b/2006/0xxx/CVE-2006-0537.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060203 Exchangepop3 rcpt buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0040.html" - }, - { - "name" : "1466", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1466" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl" - }, - { - "name" : "16485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16485" - }, - { - "name" : "ADV-2006-0437", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0437" - }, - { - "name" : "22907", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/22907" - }, - { - "name" : "1015580", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015580" - }, - { - "name" : "18687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18687" - }, - { - "name" : "408", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/408" - }, - { - "name" : "exchangepop3-rcptto-bo(24477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1466", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1466" + }, + { + "name": "408", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/408" + }, + { + "name": "18687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18687" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/exchangepop3.pl" + }, + { + "name": "ADV-2006-0437", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0437" + }, + { + "name": "20060203 Exchangepop3 rcpt buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0040.html" + }, + { + "name": "16485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16485" + }, + { + "name": "22907", + "refsource": 
"OSVDB", + "url": "http://www.osvdb.org/22907" + }, + { + "name": "exchangepop3-rcptto-bo(24477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24477" + }, + { + "name": "1015580", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015580" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0706.json b/2006/0xxx/CVE-2006-0706.json index 1a8ef0d72ed..60b77513074 100644 --- a/2006/0xxx/CVE-2006-0706.json +++ b/2006/0xxx/CVE-2006-0706.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060213 XSS vulnerability in guestbook-php-script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113986789801121&w=2" - }, - { - "name" : "http://www.php4scripte.de/index.php", - "refsource" : "CONFIRM", - "url" : "http://www.php4scripte.de/index.php" - }, - { - "name" : "16615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16615" - }, - { - "name" : "ADV-2006-0566", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0566" - }, - { - "name" : "18849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18849" - }, - { - "name" : "gastebuch-homepage-xss(24670)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in eintrag.php in G\u00e4stebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0566", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0566" + }, + { + "name": "gastebuch-homepage-xss(24670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24670" + }, + { + "name": "16615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16615" + }, + { + "name": "20060213 XSS vulnerability in guestbook-php-script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113986789801121&w=2" + }, + { + "name": "18849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18849" + }, + { + "name": "http://www.php4scripte.de/index.php", + "refsource": "CONFIRM", + "url": "http://www.php4scripte.de/index.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1740.json b/2006/1xxx/CVE-2006-1740.json index 8f1b42c3fbd..38260d148ed 100644 --- a/2006/1xxx/CVE-2006-1740.json +++ b/2006/1xxx/CVE-2006-1740.json 
@@ -1,287 +1,287 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=271194", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=271194" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1044" - }, - 
{ - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "FEDORA-2006-410", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" - }, - { - "name" : "FEDORA-2006-411", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" - }, - { - "name" : "FLSA:189137-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded" - }, - { - "name" : "FLSA:189137-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "MDKSA-2006:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" - }, - { - "name" : "MDKSA-2006:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" - }, - { - "name" : "RHSA-2006:0328", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html" - }, - { - "name" : "RHSA-2006:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : 
"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:021", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-271-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/271-1/" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "oval:org.mitre.oval:def:10424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "oval:org.mitre.oval:def:1811", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19794" - }, - { - "name" : "19811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19811" - }, - { - "name" : "19852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "19714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19714" - }, - { - "name" : "19721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19721" - }, - { - "name" : "19746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19746" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19696" - }, - { - "name" : "19729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19729" - }, - { - "name" : "mozilla-secure-site-spoofing(25813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "20060404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "RHSA-2006:0328", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html" + }, + { + "name": "GLSA-200604-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "MDKSA-2006:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "FEDORA-2006-410", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" + }, + { + "name": "oval:org.mitre.oval:def:1811", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811" + }, + { + "name": "USN-271-1", + 
"refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/271-1/" + }, + { + "name": "19714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19714" + }, + { + "name": "RHSA-2006:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "19811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19811" + }, + { + "name": "19794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19794" + }, + { + "name": "19746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19746" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "oval:org.mitre.oval:def:10424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19696" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "SUSE-SA:2006:021", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" + }, + { + "name": "FLSA:189137-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html", + "refsource": "CONFIRM", + "url": 
"http://www.mozilla.org/security/announce/2006/mfsa2006-12.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=271194", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=271194" + }, + { + "name": "19729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19729" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "mozilla-secure-site-spoofing(25813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25813" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "FLSA:189137-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "FEDORA-2006-411", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "19721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19721" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "MDKSA-2006:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file 
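Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk for CVE-2006-1740, whereas the other hunks visible here keep `cve@mitre.org` and only change formatting, string escaping, `reference_data` order and the trailing newline. A change of the assigning party is a semantic edit to the record's provenance and is easy to miss inside a 570-line reformat under the subject "-Synchronized-Data."; it would be better named in the commit message or landed as its own commit. The shuffled `reference_data` order also makes it hard to confirm by eye that no reference was added or dropped, so a stable sort (for example by `refsource`, then `name`) would keep later sync diffs reviewable.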
diff --git a/2006/3xxx/CVE-2006-3422.json b/2006/3xxx/CVE-2006-3422.json index 780587bb5fa..edbf8eb9eb8 100644 --- a/2006/3xxx/CVE-2006-3422.json +++ b/2006/3xxx/CVE-2006-3422.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1982", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1982" - }, - { - "name" : "18821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18821" - }, - { - "name" : "wonderedit-templatepath-file-include(27536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows 
remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wonderedit-templatepath-file-include(27536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27536" + }, + { + "name": "1982", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1982" + }, + { + "name": "18821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18821" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3754.json b/2006/3xxx/CVE-2006-3754.json index 265c11e4dca..42611563a04 100644 --- a/2006/3xxx/CVE-2006-3754.json +++ b/2006/3xxx/CVE-2006-3754.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2018", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2018" - }, - { - "name" : "19023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19023" - }, - { - "name" : "ADV-2006-2822", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2822" - }, - { - "name" : "21090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21090" - }, - { - "name" : "flushcms-classpath-file-include(27751)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2018", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2018" + }, + { + "name": "19023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19023" + }, + { + "name": "21090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21090" + }, + { + "name": "flushcms-classpath-file-include(27751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27751" + }, + { + "name": "ADV-2006-2822", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2822" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3965.json b/2006/3xxx/CVE-2006-3965.json index 9283b0e3229..505b9a22a31 100644 --- a/2006/3xxx/CVE-2006-3965.json +++ b/2006/3xxx/CVE-2006-3965.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060730 Banex Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115423462216111&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060730 Banex Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115423462216111&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4436.json b/2006/4xxx/CVE-2006-4436.json index 6c71c3a3510..d5085f38c75 100644 --- a/2006/4xxx/CVE-2006-4436.json +++ b/2006/4xxx/CVE-2006-4436.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1175", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1175" - }, - { - "name" : "[3.8] 20060825 013: SECURITY FIX: August 25, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata38.html#isakmpd" - }, - { - "name" : "[3.9] 20060825 008: SECURITY FIX: August 25, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#isakmpd" - }, - { - "name" : "19712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19712" - }, - { - "name" : "28194", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28194" - }, - { - "name" : "1016757", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1016757" - }, - { - "name" : "21652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21652" - }, - { - "name" : "21905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21905" - }, - { - "name" : "openbsd-isakmpd-security-bypass(28645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[3.8] 20060825 013: SECURITY FIX: August 25, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata38.html#isakmpd" + }, + { + "name": "28194", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28194" + }, + { + "name": "openbsd-isakmpd-security-bypass(28645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28645" + }, + { + "name": "1016757", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016757" + }, + { + "name": "21652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21652" + }, + { + "name": "DSA-1175", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1175" + }, + { + "name": "19712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19712" + }, + { + "name": "21905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21905" + }, + { + "name": "[3.9] 20060825 008: 
SECURITY FIX: August 25, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#isakmpd" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4651.json b/2006/4xxx/CVE-2006-4651.json index e837a751531..b7d21efdcd5 100644 --- a/2006/4xxx/CVE-2006-4651.json +++ b/2006/4xxx/CVE-2006-4651.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060902 php download local file include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445269/100/0/threaded" - }, - { - "name" : "19872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19872" - }, - { - "name" : "ADV-2006-3479", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3479" - }, - { - "name" : "21774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21774" - }, - { - "name" : "1528", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1528" - }, - { - "name" : "phpdownload-index-file-include(28751)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21774" + }, + { + "name": "phpdownload-index-file-include(28751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28751" + }, + { + "name": "20060902 php download local file include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445269/100/0/threaded" + }, + { + "name": "1528", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1528" + }, + { + "name": "19872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19872" + }, + { + "name": "ADV-2006-3479", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3479" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4769.json b/2006/4xxx/CVE-2006-4769.json index 10b041e82d0..457f9704839 100644 --- a/2006/4xxx/CVE-2006-4769.json +++ b/2006/4xxx/CVE-2006-4769.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2350", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2350" - }, - { - "name" : "19971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19971" - }, - { - "name" : "ADV-2006-3590", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3590" - }, - { - "name" : "21891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21891" - }, - { - "name" : "p4cms-abfjs-file-include(28880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion 
vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "p4cms-abfjs-file-include(28880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28880" + }, + { + "name": "19971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19971" + }, + { + "name": "21891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21891" + }, + { + "name": "2350", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2350" + }, + { + "name": "ADV-2006-3590", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3590" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4982.json b/2006/4xxx/CVE-2006-4982.json index 3eae950969d..a45a18db7e7 100644 --- a/2006/4xxx/CVE-2006-4982.json +++ b/2006/4xxx/CVE-2006-4982.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060919 White paper release: Bypassing network access control (NAC) systems", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446421/100/0/threaded" - }, - { - "name" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf", - "refsource" : "MISC", - "url" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf" - }, - { - "name" : "30978", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060919 White paper release: Bypassing network access control (NAC) systems", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446421/100/0/threaded" + }, + { + "name": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf", + "refsource": "MISC", + "url": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf" + }, + { + "name": "30978", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30978" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2076.json b/2010/2xxx/CVE-2010-2076.json index b3936d9d849..0fb8d6a65a2 100644 --- a/2010/2xxx/CVE-2010-2076.json +++ b/2010/2xxx/CVE-2010-2076.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[cxf-users] 20100616 Important - Apache CXF security advisory CVE-2010-2076", - "refsource" : "MLIST", - "url" : "http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html" - }, - { - "name" : "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html" - }, - { - "name" : "http://geronimo.apache.org/21x-security-report.html", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/21x-security-report.html" - }, - { - "name" : "http://geronimo.apache.org/22x-security-report.html", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/22x-security-report.html" - }, - { - "name" : "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf" - }, - { - "name" : "https://issues.apache.org/jira/browse/GERONIMO-5383", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/GERONIMO-5383" - }, - { - "name" : "42492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42492" - }, - { - "name" : "40969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40969" - }, - { - "name" : "41016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41016" - }, - { - "name" : 
"41025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42492" + }, + { + "name": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html" + }, + { + "name": "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf" + }, + { + "name": "41025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41025" + }, + { + "name": "http://geronimo.apache.org/22x-security-report.html", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/22x-security-report.html" + }, + { + "name": "41016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41016" + }, + { + "name": "https://issues.apache.org/jira/browse/GERONIMO-5383", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/GERONIMO-5383" + }, + { 
+ "name": "[cxf-users] 20100616 Important - Apache CXF security advisory CVE-2010-2076", + "refsource": "MLIST", + "url": "http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html" + }, + { + "name": "http://geronimo.apache.org/21x-security-report.html", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/21x-security-report.html" + }, + { + "name": "40969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40969" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2937.json b/2010/2xxx/CVE-2010-2937.json index 4d4fb301c52..3c45820b215 100644 --- a/2010/2xxx/CVE-2010-2937.json +++ b/2010/2xxx/CVE-2010-2937.json 
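Review bot: The `ASSIGNER` field changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which is otherwise a spacing normalisation and a reordering of `reference_data`; the CVE-2010-2937.json hunk that follows carries the same change. The subject "-Synchronized-Data." does not mention it, so a consumer that filters or attributes records by assigner gets a different result with nothing in the log to explain why. Splitting attribution changes from formatting-only rewrites, or naming them in the message, would make them auditable. The ten references look like the same set on both sides in a different order; emitting them in a stable order would stop each sync from rewriting the whole array. The new side also ends without a trailing newline (`\ No newline at end of file`), as do the other files visible in this commit.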
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a" - }, - { - "name" : "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516" - }, - { - "name" : "http://www.videolan.org/security/sa1004.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa1004.html" - }, - { - "name" : "42386", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42386" - }, - { - "name" : "oval:org.mitre.oval:def:14676", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676" - }, - { - "name" : "ADV-2010-2087", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a" + }, + { + "name": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516" + }, + { + "name": "http://www.videolan.org/security/sa1004.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa1004.html" + }, + { + "name": "42386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42386" + }, + { + "name": "ADV-2010-2087", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2087" + }, + { + "name": "oval:org.mitre.oval:def:14676", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3272.json b/2010/3xxx/CVE-2010-3272.json index 4112c145a87..9df12423496 100644 --- a/2010/3xxx/CVE-2010-3272.json +++ b/2010/3xxx/CVE-2010-3272.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516396/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities" - }, - { - "name" : "46331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46331" - }, - { - "name" : "70870", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70870" - }, - { - 
"name" : "43241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43241" - }, - { - "name" : "8089", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8089" - }, - { - "name" : "ADV-2011-0392", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0392" - }, - { - "name" : "adselfservice-pwr-weak-security(65350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43241" + }, + { + "name": "ADV-2011-0392", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0392" + }, + { + "name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded" + }, + { + "name": "8089", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8089" + }, + { + "name": "adselfservice-pwr-weak-security(65350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65350" + }, + { + "name": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", + "refsource": "MISC", + "url": 
"http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities" + }, + { + "name": "46331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46331" + }, + { + "name": "70870", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70870" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3433.json b/2010/3xxx/CVE-2010-3433.json index 7e7d349fe62..b38fbec9535 100644 --- a/2010/3xxx/CVE-2010-3433.json +++ b/2010/3xxx/CVE-2010-3433.json 
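Review bot: The `reference_data` array in CVE-2010-3272.json is rewritten in an order that follows no visible key: the same eight entries move from BUGTRAQ, MISC, BID, OSVDB, SECUNIA, SREASON, VUPEN, XF to SECUNIA, VUPEN, BUGTRAQ, SREASON, XF, MISC, BID, OSVDB. Together with the `"key" : ` to `"key": ` spacing change, every line of the record is touched although no value in this hunk differs, which makes it hard to audit the record for a real content change. Whatever tool writes these files should emit references in a deterministic order, for example sorted by `refsource` and then `name`, and should keep the final newline that the new side drops (`\ No newline at end of file`). The same reordering appears in the hunks for CVE-2010-3433, CVE-2011-0599, CVE-2011-1148 and CVE-2011-1585.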
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news.1244", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news.1244" - }, - { - "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639371", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639371" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-2120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2120" - }, - { - "name" : "FEDORA-2010-15954", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html" - }, - { - "name" : "FEDORA-2010-15960", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html" - }, - { - "name" : "HPSBMU02781", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "SSRT100617", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "MDVSA-2010:197", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:197" - }, - { - "name" : "RHSA-2010:0742", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0742.html" - }, - { - "name" : "RHSA-2010:0908", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0908.html" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "USN-1002-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1002-1" - }, - { - "name" : "USN-1002-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1002-2" - }, - { - "name" : "43747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43747" - }, - { - "name" : "oval:org.mitre.oval:def:7291", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7291" - }, - { - "name" : "42325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42325" - }, - { - "name" : "ADV-2010-3051", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) 
redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-15960", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html" + }, + { + "name": "oval:org.mitre.oval:def:7291", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7291" + }, + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "HPSBMU02781", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "USN-1002-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1002-2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639371", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639371" + }, + { + "name": "FEDORA-2010-15954", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html" + }, + { + "name": "ADV-2010-3051", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3051" + }, + { + "name": "RHSA-2010:0742", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0742.html" + }, + { + "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-1.html" + }, + { + "name": "USN-1002-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1002-1" + }, + { + "name": "MDVSA-2010:197", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:197" + }, 
+ { + "name": "42325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42325" + }, + { + "name": "RHSA-2010:0908", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0908.html" + }, + { + "name": "DSA-2120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2120" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "43747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43747" + }, + { + "name": "SSRT100617", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "http://www.postgresql.org/about/news.1244", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news.1244" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0599.json b/2011/0xxx/CVE-2011-0599.json index ca6f6eb3008..ee22c763bf0 100644 --- a/2011/0xxx/CVE-2011-0599.json +++ b/2011/0xxx/CVE-2011-0599.json 
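Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of CVE-2010-3433.json, and it is the only value in the record that changes; the rest of the hunk is spacing and reference order. Nothing in the commit subject says that records are being re-attributed to a different assigner, so the change is easy to miss among the formatting-only lines. The same kind of change is in the hunks for CVE-2011-0599 (`psirt@adobe.com`), CVE-2011-1148 and CVE-2011-1585 (`secalert@redhat.com`), and in the CVE-2011-1651 hunk (`psirt@cisco.com`), which continues past the visible page. Consumers that route or trust records by assigner would presumably want to see this as its own change; carrying the `"ASSIGNER": "secalert@redhat.com",` line in a commit separate from the whitespace normalisation would make it reviewable.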
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110208 ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516314" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-072/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-072/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - 
"name" : "RHSA-2011:0301", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html" - }, - { - "name" : "46220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46220" - }, - { - "name" : "oval:org.mitre.oval:def:12424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12424" - }, - { - "name" : "1025033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "43470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43470" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : "ADV-2011-0492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46220" + }, + { + "name": "ADV-2011-0492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0492" + }, + { + "name": "43470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43470" + }, + { + "name": "oval:org.mitre.oval:def:12424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12424" + }, + { + "name": "20110208 ZDI-11-072: Adobe Reader BMP ColorData Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516314" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-072/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-072/" + }, + { + "name": "RHSA-2011:0301", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0878.json b/2011/0xxx/CVE-2011-0878.json index 6892853f6cb..fae4a8c42f4 100644 --- a/2011/0xxx/CVE-2011-0878.json +++ b/2011/0xxx/CVE-2011-0878.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0878", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0878", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1148.json b/2011/1xxx/CVE-2011-1148.json index c576c5e9ed5..6aadab50052 100644 --- a/2011/1xxx/CVE-2011-1148.json +++ b/2011/1xxx/CVE-2011-1148.json 
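Review bot: The new side of CVE-2011-0878.json uses a different key order from the other records in this commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, while the CVE-2011-0599 and CVE-2011-1148 hunks keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two layouts suggest two serialisation paths, and any byte-level comparison or hash of a record will differ between them for identical content. No value changes here (`STATE` stays `REJECT`), so the hunk is ordering and spacing only. Emitting every record through one serialiser with sorted keys would keep these files stable across syncs.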
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110313 CVE request: PHP substr_replace() use-after-free", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/13/2" - }, - { - "name" : "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/13/3" - }, - { - "name" : "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/13/9" - }, - { - "name" : "http://bugs.php.net/bug.php?id=54238", - "refsource" : "CONFIRM", - "url" : 
"http://bugs.php.net/bug.php?id=54238" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.3.7", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.3.7" - }, - { - "name" : "http://www.php.net/archive/2011.php#id2011-08-18-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2011.php#id2011-08-18-1" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "MDVSA-2011:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165" - }, - { - "name" : "RHSA-2011:1423", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1423.html" - }, - { - "name" : "46843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46843" - }, - { - "name" : "49241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49241" - }, - { - "name" : "php-substrreplace-code-exec(66080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "49241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49241" + }, + { + "name": "[oss-security] 20110313 CVE request: PHP substr_replace() use-after-free", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/13/2" + }, + { + "name": "MDVSA-2011:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165" + }, + { + "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/13/9" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "[oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/13/3" + }, + { + "name": "http://bugs.php.net/bug.php?id=54238", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=54238" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "RHSA-2011:1423", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.3.7", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.3.7" + }, + { + "name": "php-substrreplace-code-exec(66080)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66080" + }, + { + "name": "46843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46843" + }, + { + "name": "http://www.php.net/archive/2011.php#id2011-08-18-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2011.php#id2011-08-18-1" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1585.json b/2011/1xxx/CVE-2011-1585.json index e760ac7e807..1ee08302000 100644 --- a/2011/1xxx/CVE-2011-1585.json +++ b/2011/1xxx/CVE-2011-1585.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110415 Re: CVE Request: cifs session reuse", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/04/15/8" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=697394", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=697394" - }, - { - "name" : "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" + }, + { + "name": "[oss-security] 20110415 Re: CVE Request: cifs session reuse", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/04/15/8" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=697394", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697394" + }, + { + "name": "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2" + }, + { + "name": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ff67b720c02c36e54d55b88c2931879b7db1cd2" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1651.json b/2011/1xxx/CVE-2011-1651.json index b1413650abb..3d8e9c8602f 100644 --- a/2011/1xxx/CVE-2011-1651.json +++ b/2011/1xxx/CVE-2011-1651.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110525 Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f191.shtml" - }, - { - "name" : "1025567", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 
packet, aka Bug ID CSCto45095." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025567", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025567" + }, + { + "name": "20110525 Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f191.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3289.json b/2014/3xxx/CVE-2014-3289.json index f691ebf8079..b1051003ea0 100644 --- a/2014/3xxx/CVE-2014-3289.json +++ b/2014/3xxx/CVE-2014-3289.json 
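Review bot: The one substantive change in this hunk, `"ASSIGNER": "psirt@cisco.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, is buried in a whole-file rewrite that also changes key spacing and indentation and swaps the two `reference_data` entries without altering them. The assigning CNA is provenance data that downstream consumers may key on, so it deserves a diff in which it is the only changed line; writing the file with the previous serializer settings and a stable reference order, or landing the reformat as its own commit, would give that. The new side also ends without a final newline (`\ No newline at end of file`), which the old file had. The same pattern appears in the hunks for CVE-2014-3289, CVE-2014-3537, CVE-2014-3692, CVE-2014-6469, CVE-2014-6747 and CVE-2014-6757, while CVE-2014-3451, CVE-2014-3603 and CVE-2014-6048 change only formatting or reference order.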
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/57" - }, - { - "name" : "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569" - }, - { - "name" : "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289" - }, - { - "name" : "VU#613308", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/613308" - }, - { - "name" : "67943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67943" - }, - { - "name" : "1030407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030407" - }, - { - "name" : "58296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030407" + }, + { + "name": "VU#613308", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/613308" + }, + { + "name": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html" + }, + { + "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/57" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34569" + }, + { + "name": "58296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58296" + }, + { + "name": "20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289" + }, + { + "name": "67943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67943" + } + ] + } +} \ No newline at end of file 
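Review bot: The `affects` block and `problemtype` keep the `"n/a"` placeholder on the new side, although the description names Cisco AsyncOS on ESA 8.0, WSA 8.0 (.5 Hot Patch 1) and earlier, and SMA 8.3 and earlier, and states the weakness class (cross-site scripting). Tooling that matches on `vendor_name`, `product_name` or `version_value` will therefore not treat this record as applicable to those appliances. With the ASSIGNER now set to `psirt@cisco.com`, this sync would be a natural place to replace `"vendor_name": "n/a"` with `"vendor_name": "Cisco"` and to fill the product, version and problemtype fields from the description. Until that is done, consumers should triage on the description text and the `reference_data` entries rather than on the structured fields.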
diff --git a/2014/3xxx/CVE-2014-3451.json b/2014/3xxx/CVE-2014-3451.json index 02cc8e7f89d..331738a0c52 100644 --- a/2014/3xxx/CVE-2014-3451.json +++ b/2014/3xxx/CVE-2014-3451.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150424 Incorrect handling of self signed certificates in OpenFire XMPP Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535363/100/1100/threaded" - }, - { - "name" : "[oss-security] 20150423 Incorrect handling of self signed certificates in OpenFire XMPP Server", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/23/16" - }, - { - "name" : "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html" - }, - { - "name" : "https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released", - "refsource" : "MISC", - "url" : 
"https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released" - }, - { - "name" : "74305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150423 Incorrect handling of self signed certificates in OpenFire XMPP Server", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/23/16" + }, + { + "name": "20150424 Incorrect handling of self signed certificates in OpenFire XMPP Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535363/100/1100/threaded" + }, + { + "name": "https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released", + "refsource": "MISC", + "url": "https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released" + }, + { + "name": "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html" + }, + { + "name": "74305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74305" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3537.json b/2014/3xxx/CVE-2014-3537.json index 9569618b7a3..2fff7f93742 100644 --- a/2014/3xxx/CVE-2014-3537.json +++ b/2014/3xxx/CVE-2014-3537.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cups.org/blog.php?L724", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/blog.php?L724" - }, - { - "name" : "http://www.cups.org/str.php?L4450", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/str.php?L4450" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1115576", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1115576" - }, - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0313.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0313.html" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : 
"APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "FEDORA-2014-8351", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html" - }, - { - "name" : "MDVSA-2015:108", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108" - }, - { - "name" : "RHSA-2014:1388", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1388.html" - }, - { - "name" : "USN-2293-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2293-1" - }, - { - "name" : "68788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68788" - }, - { - "name" : "1030611", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030611" - }, - { - "name" : "59945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59945" - }, - { - "name" : "60787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60787" - }, - { - "name" : "60273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2014-8351", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html" + }, + { + "name": "60273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60273" + }, + { + "name": "http://www.cups.org/blog.php?L724", + "refsource": "CONFIRM", + "url": "http://www.cups.org/blog.php?L724" + }, + { + "name": "RHSA-2014:1388", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1388.html" + }, + { + "name": "USN-2293-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2293-1" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "68788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68788" + }, + { + "name": "60787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60787" + }, + { + "name": "http://www.cups.org/str.php?L4450", + "refsource": "CONFIRM", + "url": "http://www.cups.org/str.php?L4450" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576" + }, + { + "name": "59945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59945" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "1030611", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030611" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0313.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0313.html" + }, + { + "name": "MDVSA-2015:108", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:108" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3603.json b/2014/3xxx/CVE-2014-3603.json index 02360493fa9..d90243914f3 100644 --- a/2014/3xxx/CVE-2014-3603.json +++ b/2014/3xxx/CVE-2014-3603.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3603", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3603", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3692.json b/2014/3xxx/CVE-2014-3692.json index ab49ad55632..1037f72c1b5 100644 --- a/2014/3xxx/CVE-2014-3692.json +++ b/2014/3xxx/CVE-2014-3692.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2015:0028", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0028.html" - }, - { - "name" : "62255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62255" + }, + { + "name": "RHSA-2015:0028", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6048.json b/2014/6xxx/CVE-2014-6048.json index a8176e1ba1e..68cdce9e416 100644 --- a/2014/6xxx/CVE-2014-6048.json +++ b/2014/6xxx/CVE-2014-6048.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://techdefencelabs.com/security-advisories.html", - "refsource" : "MISC", - "url" : "http://techdefencelabs.com/security-advisories.html" - }, - { - "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://techdefencelabs.com/security-advisories.html", + "refsource": "MISC", + "url": "http://techdefencelabs.com/security-advisories.html" + }, + { + "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", + "refsource": "CONFIRM", + "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6469.json b/2014/6xxx/CVE-2014-6469.json index 4509c131fc1..f0d9437e976 100644 --- a/2014/6xxx/CVE-2014-6469.json +++ b/2014/6xxx/CVE-2014-6469.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201411-02", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201411-02.xml" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70446" - }, - { - "name" : "61579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61579" - }, - { - "name" : "62073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62073" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "70446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70446" + }, + { + "name": "GLSA-201411-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "61579", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/61579" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6747.json b/2014/6xxx/CVE-2014-6747.json index 67287367c2a..fe902a109a6 100644 --- a/2014/6xxx/CVE-2014-6747.json +++ b/2014/6xxx/CVE-2014-6747.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SeeOn (aka com.seeon) application 4.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#439497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/439497" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SeeOn (aka com.seeon) application 4.0.7 for Android does not 
verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#439497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/439497" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6757.json b/2014/6xxx/CVE-2014-6757.json index 2a072224e4b..2cc172cb294 100644 --- a/2014/6xxx/CVE-2014-6757.json +++ b/2014/6xxx/CVE-2014-6757.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Koran - AlqoranVideos (aka com.alqoran.videos.example) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#910385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/910385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Koran - AlqoranVideos (aka 
com.alqoran.videos.example) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#910385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/910385" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7405.json b/2014/7xxx/CVE-2014-7405.json index 69532fa5cc6..ee9c16b85f1 100644 --- a/2014/7xxx/CVE-2014-7405.json +++ b/2014/7xxx/CVE-2014-7405.json 
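Review bot: The `reference_data` entries in CVE-2014-6757 are reordered with no entry added or removed, and the new order follows no visible sort key: here the MISC link moves last, while in CVE-2014-7405 it lands between the two CERT-VN entries. Together with the re-indentation this rewrites every line of the file, so the only value that changes, `"ASSIGNER": "cve@mitre.org"` becoming `"cert@cert.org"`, is easy to miss in review. Emitting references in a deterministic order (for example sorted by `url`) and keeping one top-level key order (CVE-2014-8204 further down is written with `data_type` first, unlike the other records) would keep later sync diffs limited to real changes.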
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Belaire Family Orthodontics (aka com.app_bf.layout) application 1.304 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#708865", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/708865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Belaire Family Orthodontics (aka 
com.app_bf.layout) application 1.304 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#708865", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/708865" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7406.json b/2014/7xxx/CVE-2014-7406.json index a332e6157d8..c40b9480130 100644 --- a/2014/7xxx/CVE-2014-7406.json +++ b/2014/7xxx/CVE-2014-7406.json 
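Review bot: The new side of CVE-2014-7405.json ends with `\ No newline at end of file`, where the old side closed with a newline after the final `}`. A file without a terminating newline is awkward for line-oriented tools and shows up as an extra changed line whenever a later writer adds it back. The serializer should write a trailing newline after the closing brace; every other file rewritten in the visible hunks ends the same way.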
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application 1.1.729.1694 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#615057", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/615057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application 1.1.729.1694 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#615057", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/615057" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7919.json b/2014/7xxx/CVE-2014-7919.json index c3645fe1640..8f55f18f881 100644 --- a/2014/7xxx/CVE-2014-7919.json +++ b/2014/7xxx/CVE-2014-7919.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0" - }, - { - "name" : "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md" - }, - { - "name" : "https://github.com/alexpark07/Bookmark/issues/1", - "refsource" : "CONFIRM", - "url" : "https://github.com/alexpark07/Bookmark/issues/1" - }, - { - "name" : "99014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md", + "refsource": "CONFIRM", + "url": "https://github.com/alexpark07/Bookmark/blob/master/BugHunting.md" + }, + { + "name": "https://github.com/alexpark07/Bookmark/issues/1", + "refsource": "CONFIRM", + "url": "https://github.com/alexpark07/Bookmark/issues/1" + }, + { + "name": "99014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99014" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/native/+/ae33effd43a615183f089f0a216b5965e8104842%5E%21/#F0" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7990.json b/2014/7xxx/CVE-2014-7990.json index 2b81100e3b3..c022566f18e 100644 --- a/2014/7xxx/CVE-2014-7990.json +++ b/2014/7xxx/CVE-2014-7990.json 
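Review bot: The description value in CVE-2014-7919 begins with `b/libs/gui/ISurfaceComposer.cpp`, and the leading `b/` looks like the new-side path prefix of a unified diff rather than part of the source path; the hunk carries it over unchanged. A consumer that extracts the file path from the text would get a path that presumably does not exist in the referenced repository. If the upstream description can be corrected, it should start `libs/gui/ISurfaceComposer.cpp in Android allows attackers to ...`; the `problemtype` value could also name the weakness the text already states, `"CWE-476"` (NULL Pointer Dereference), instead of `"n/a"`.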
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the \"request system shell\" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-7990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351" - }, - { - "name" : "20141106 Cisco IOS XE Challenge/Response Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990" - }, - { - "name" : "70968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70968" - }, - { - "name" : "1031179", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031179" - }, - { - "name" : "ciscoiosxe-cve20147990-sec-bypass(98529)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the \"request system shell\" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141106 Cisco IOS XE Challenge/Response Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351" + }, + { + "name": "ciscoiosxe-cve20147990-sec-bypass(98529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98529" + }, + { + "name": "70968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70968" + }, + { + "name": "1031179", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031179" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8099.json b/2014/8xxx/CVE-2014-8099.json index 303abec86c1..c963bd447ed 100644 --- a/2014/8xxx/CVE-2014-8099.json +++ b/2014/8xxx/CVE-2014-8099.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0532.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0532.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "DSA-3095", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3095" - }, - { - "name" : "GLSA-201504-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-06" - }, - { - "name" : "MDVSA-2015:119", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" - }, - { - "name" : "71600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71600" - }, - { - "name" : "62292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62292" - }, - { - "name" : "61947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XVideo extension in XFree86 4.0.0, X.Org X 
Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3095", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3095" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0532.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0532.html" + }, + { + "name": "GLSA-201504-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-06" + }, + { + "name": "62292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62292" + }, + { + "name": "71600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71600" + }, + { + "name": "MDVSA-2015:119", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + 
"refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "61947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61947" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8114.json b/2014/8xxx/CVE-2014-8114.json index 318eb4cdae1..ecff71fab72 100644 --- a/2014/8xxx/CVE-2014-8114.json +++ b/2014/8xxx/CVE-2014-8114.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/uberfire/uberfire/commit/21ec50eb15", - "refsource" : "CONFIRM", - "url" : "https://github.com/uberfire/uberfire/commit/21ec50eb15" - }, - { - "name" : "RHSA-2015:0234", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0234.html" - }, - { - "name" : "RHSA-2015:0235", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0235.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) 
execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0234", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html" + }, + { + "name": "RHSA-2015:0235", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html" + }, + { + "name": "https://github.com/uberfire/uberfire/commit/21ec50eb15", + "refsource": "CONFIRM", + "url": "https://github.com/uberfire/uberfire/commit/21ec50eb15" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8204.json b/2014/8xxx/CVE-2014-8204.json index 7930c02a184..00a7f68d216 100644 --- a/2014/8xxx/CVE-2014-8204.json +++ b/2014/8xxx/CVE-2014-8204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8204", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8204", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/8xxx/CVE-2014-8809.json b/2014/8xxx/CVE-2014-8809.json index 769ae7845d7..d28315abd32 100644 --- a/2014/8xxx/CVE-2014-8809.json +++ b/2014/8xxx/CVE-2014-8809.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html", - "refsource" : "MISC", - "url" : "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html" - }, - { - "name" : "http://www.wpsymposium.com/release-information-for-v14-11/", - "refsource" : "CONFIRM", - "url" : "http://www.wpsymposium.com/release-information-for-v14-11/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html", + "refsource": "MISC", + "url": "http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html" + }, + { + "name": "http://www.wpsymposium.com/release-information-for-v14-11/", + "refsource": "CONFIRM", + "url": "http://www.wpsymposium.com/release-information-for-v14-11/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8927.json b/2014/8xxx/CVE-2014-8927.json index 35fdffffec5..8d2915a4537 100644 --- a/2014/8xxx/CVE-2014-8927.json +++ b/2014/8xxx/CVE-2014-8927.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882695", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause 
a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9886.json b/2014/9xxx/CVE-2014-9886.json index c193db4dbed..da194195588 100644 --- a/2014/9xxx/CVE-2014-9886.json +++ b/2014/9xxx/CVE-2014-9886.json 
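Review bot: The description in CVE-2014-8927 names the product as `Endpoint Manger for Software Use Analysis 9`, which appears to be a misspelling of "Endpoint Manager" that the sync carries over unchanged. Because `product_name` and `vendor_name` are `"n/a"` in this record, the free text is the only place the affected products are named, so keyword matching on the correct product name misses it. If the upstream text can be fixed, the phrase should read `Endpoint Manager for Software Use Analysis 9`.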
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2194.json b/2016/2xxx/CVE-2016-2194.json index 7582c1f8eb7..f27fed88451 100644 --- a/2016/2xxx/CVE-2016-2194.json +++ b/2016/2xxx/CVE-2016-2194.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=botan-devel&m=145435148602911&w=2" - }, - { - "name" : "[botan-devel] 20160203 Botan 1.10.12 released", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=botan-devel&m=145449001708138&w=2" - }, - { - "name" : "http://botan.randombit.net/security.html", - "refsource" : "CONFIRM", - "url" : "http://botan.randombit.net/security.html" - }, - { - "name" : "DSA-3565", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3565" - }, - { - "name" : "GLSA-201612-38", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-38" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes", + "refsource": "MLIST", + "url": "http://marc.info/?l=botan-devel&m=145435148602911&w=2" + }, + { + "name": "[botan-devel] 20160203 Botan 1.10.12 released", + "refsource": "MLIST", + "url": "http://marc.info/?l=botan-devel&m=145449001708138&w=2" + }, + { + "name": "DSA-3565", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3565" + }, + { + "name": "GLSA-201612-38", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-38" + }, + { + "name": "http://botan.randombit.net/security.html", + "refsource": "CONFIRM", + "url": "http://botan.randombit.net/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2405.json b/2016/2xxx/CVE-2016-2405.json index 3381eb2d88f..e2157debad4 100644 --- a/2016/2xxx/CVE-2016-2405.json +++ b/2016/2xxx/CVE-2016-2405.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2808.json b/2016/2xxx/CVE-2016-2808.json index eff30dfe621..e451b5303b9 100644 --- a/2016/2xxx/CVE-2016-2808.json +++ b/2016/2xxx/CVE-2016-2808.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : 
"DSA-3559", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3559" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "RHSA-2016:0695", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0695.html" - }, - { - "name" : "openSUSE-SU-2016:1211", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:1258", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:1251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:1352", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:1374", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html" - }, - { - "name" : "USN-2936-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2936-1" - }, - { - "name" : "USN-2936-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2936-2" - }, - { - "name" : "USN-2936-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2936-3" - }, - { - "name" : "1035692", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, 
and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1211", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "RHSA-2016:0695", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html" + }, + { + "name": "1035692", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035692" + }, + { + "name": "SUSE-SU-2016:1374", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html" + }, + { + "name": "openSUSE-SU-2016:1251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html" + }, + { + "name": "USN-2936-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2936-2" + }, + { + "name": "SUSE-SU-2016:1352", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-47.html" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "DSA-3559", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3559" + }, + { + "name": "USN-2936-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2936-1" + }, + { + "name": "USN-2936-3", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-2936-3" + }, + { + "name": "SUSE-SU-2016:1258", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246061" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2963.json b/2016/2xxx/CVE-2016-2963.json index c0322b02f43..3fbe8a19eb2 100644 --- a/2016/2xxx/CVE-2016-2963.json +++ b/2016/2xxx/CVE-2016-2963.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991867", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991867" - }, - { - "name" : "IV89797", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89797" - }, - { - "name" : "94596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users 
for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV89797", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89797" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991867", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991867" + }, + { + "name": "94596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94596" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6053.json b/2016/6xxx/CVE-2016-6053.json index 325cc16d16a..3775bf3aee2 100644 --- a/2016/6xxx/CVE-2016-6053.json +++ b/2016/6xxx/CVE-2016-6053.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6053", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6053", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6453.json b/2016/6xxx/CVE-2016-6453.json index 3fcf0b32376..ba2c232b775 100644 
--- a/2016/6xxx/CVE-2016-6453.json +++ b/2016/6xxx/CVE-2016-6453.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine 1.3(0.876)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Identity Services Engine 1.3(0.876)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine 1.3(0.876)", + "version": { + "version_data": [ + { + "version_value": "Cisco Identity Services Engine 1.3(0.876)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise" - }, - { - "name" : "93897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93897" - }, - { - "name" : "1037109", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise" + }, + { + "name": "1037109", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037109" + }, + { + "name": "93897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93897" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6967.json b/2016/6xxx/CVE-2016-6967.json index 5f821270c76..c7cc69c0d2f 100644 --- a/2016/6xxx/CVE-2016-6967.json +++ b/2016/6xxx/CVE-2016-6967.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93491" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "93491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93491" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18145.json b/2017/18xxx/CVE-2017-18145.json index be46117ee2f..46639e63a95 100644 --- a/2017/18xxx/CVE-2017-18145.json +++ b/2017/18xxx/CVE-2017-18145.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1166.json b/2017/1xxx/CVE-2017-1166.json index f5d8a452112..95f90a8593e 100644 --- a/2017/1xxx/CVE-2017-1166.json +++ b/2017/1xxx/CVE-2017-1166.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5118.json b/2017/5xxx/CVE-2017-5118.json index 7dbcebe0d79..bc22160628f 100644 --- a/2017/5xxx/CVE-2017-5118.json +++ b/2017/5xxx/CVE-2017-5118.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Policy bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/747847", - "refsource" : "MISC", 
- "url" : "https://crbug.com/747847" - }, - { - "name" : "DSA-3985", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3985" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:2676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2676" - }, - { - "name" : "100610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100610" - }, - { - "name" : "1039291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Policy bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/747847", + "refsource": "MISC", + "url": "https://crbug.com/747847" + }, + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "RHSA-2017:2676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2676" + }, + { + "name": "1039291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039291" + }, + { + "name": "100610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100610" + }, + { + "name": "DSA-3985", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3985" + }, + { + "name": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5167.json b/2017/5xxx/CVE-2017-5167.json index 8dcfd9a37cd..2d31b4693d1 100644 --- a/2017/5xxx/CVE-2017-5167.json +++ b/2017/5xxx/CVE-2017-5167.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BINOM3 Electric Power Quality Meter", - "version" : { - "version_data" : [ - { - "version_value" : "BINOM3 Electric Power Quality Meter" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "BINOM3 Electric Power Quality Meter hardcoded passwords" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BINOM3 Electric Power Quality Meter", + "version": { + "version_data": [ + { + "version_value": "BINOM3 Electric Power Quality Meter" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A" - }, - { - "name" : "93028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "BINOM3 Electric Power Quality Meter hardcoded passwords" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A" + }, + { + "name": "93028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93028" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5414.json b/2017/5xxx/CVE-2017-5414.json index 705edb66322..752d3b8edec 100644 --- a/2017/5xxx/CVE-2017-5414.json +++ b/2017/5xxx/CVE-2017-5414.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "File picker can choose incorrect default directory" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "96692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96692" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File picker can choose incorrect default directory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1319370" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "96692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96692" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5516.json b/2017/5xxx/CVE-2017-5516.json index f4f1627a28b..154665756b1 100644 --- a/2017/5xxx/CVE-2017-5516.json +++ b/2017/5xxx/CVE-2017-5516.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/65", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/issues/65" - }, - { - "name" : "95622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/65", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/issues/65" + }, + { + "name": "95622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95622" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5546.json b/2017/5xxx/CVE-2017-5546.json index 3306dd178ac..3a0abebc5e8 100644 --- a/2017/5xxx/CVE-2017-5546.json +++ b/2017/5xxx/CVE-2017-5546.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/21/3" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5", - "refsource" : "CONFIRM", - 
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1415733", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1415733" - }, - { - "name" : "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f" - }, - { - "name" : "95711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f" + }, + { + "name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/21/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1415733", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415733" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5" + }, + { + "name": "95711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95711" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5800.json b/2017/5xxx/CVE-2017-5800.json index 5b921136e1f..b5e9de9e218 100644 --- a/2017/5xxx/CVE-2017-5800.json +++ b/2017/5xxx/CVE-2017-5800.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-03-31T00:00:00", - "ID" : "CVE-2017-5800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Operations Bridge Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "v3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Cross-Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-03-31T00:00:00", + "ID": "CVE-2017-5800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Operations Bridge Analytics", + "version": { + "version_data": [ + { + "version_value": "v3.0" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us" - }, - { - "name" : "97412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97412" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us" + } + ] + } +} \ No newline at end of file