From c0b9f6ed8b6daf0c90290c38b4808da5b9f4c153 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 22:34:27 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0053.json | 190 ++++++++++-----------
2006/0xxx/CVE-2006-0600.json | 170 +++++++++----------
2006/1xxx/CVE-2006-1793.json | 140 ++++++++--------
2006/3xxx/CVE-2006-3159.json | 190 ++++++++++-----------
2006/3xxx/CVE-2006-3612.json | 120 +++++++-------
2006/4xxx/CVE-2006-4355.json | 160 +++++++++---------
2006/4xxx/CVE-2006-4554.json | 270 +++++++++++++++---------------
2006/4xxx/CVE-2006-4873.json | 140 ++++++++--------
2010/2xxx/CVE-2010-2207.json | 160 +++++++++---------
2010/2xxx/CVE-2010-2595.json | 220 ++++++++++++-------------
2010/2xxx/CVE-2010-2810.json | 170 +++++++++----------
2010/2xxx/CVE-2010-2908.json | 150 ++++++++---------
2010/3xxx/CVE-2010-3218.json | 140 ++++++++--------
2010/3xxx/CVE-2010-3228.json | 140 ++++++++--------
2010/3xxx/CVE-2010-3354.json | 120 +++++++-------
2010/3xxx/CVE-2010-3621.json | 200 +++++++++++-----------
2010/4xxx/CVE-2010-4766.json | 130 +++++++--------
2011/1xxx/CVE-2011-1091.json | 310 +++++++++++++++++------------------
2014/3xxx/CVE-2014-3501.json | 130 +++++++--------
2014/7xxx/CVE-2014-7026.json | 140 ++++++++--------
2014/7xxx/CVE-2014-7407.json | 140 ++++++++--------
2014/7xxx/CVE-2014-7777.json | 140 ++++++++--------
2014/8xxx/CVE-2014-8108.json | 180 ++++++++++----------
2014/8xxx/CVE-2014-8281.json | 34 ++--
2014/8xxx/CVE-2014-8284.json | 34 ++--
2014/8xxx/CVE-2014-8541.json | 150 ++++++++---------
2014/8xxx/CVE-2014-8902.json | 140 ++++++++--------
2014/9xxx/CVE-2014-9063.json | 34 ++--
2014/9xxx/CVE-2014-9320.json | 34 ++--
2014/9xxx/CVE-2014-9621.json | 180 ++++++++++----------
2014/9xxx/CVE-2014-9792.json | 140 ++++++++--------
2016/2xxx/CVE-2016-2241.json | 34 ++--
2016/2xxx/CVE-2016-2567.json | 120 +++++++-------
2016/2xxx/CVE-2016-2759.json | 34 ++--
2016/6xxx/CVE-2016-6038.json | 140 ++++++++--------
2016/6xxx/CVE-2016-6799.json | 130 +++++++--------
2016/6xxx/CVE-2016-6862.json | 34 ++--
2016/6xxx/CVE-2016-6866.json | 180 ++++++++++----------
2017/5xxx/CVE-2017-5170.json | 130 +++++++--------
2017/5xxx/CVE-2017-5488.json | 190 ++++++++++-----------
2017/5xxx/CVE-2017-5817.json | 152 ++++++++---------
41 files changed, 2870 insertions(+), 2870 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0053.json b/2006/0xxx/CVE-2006-0053.json
index 3653353d3d2..ddc3dd7d9f2 100644
--- a/2006/0xxx/CVE-2006-0053.json
+++ b/2006/0xxx/CVE-2006-0053.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rt.cpan.org/Public/Bug/Display.html?id=18397", - "refsource" : "MISC", - "url" : "http://rt.cpan.org/Public/Bug/Display.html?id=18397" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661" - }, - { - "name" : "DSA-1028", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1028" - }, - { - "name" : "17415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17415" - }, - { - "name" : "ADV-2006-1294", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1294" - }, - { - "name" : 
"19577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19577" - }, - { - "name" : "19575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19575" - }, - { - "name" : "imager-jpeg-tga-dos(25717)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1028", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1028" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661" + }, + { + "name": "imager-jpeg-tga-dos(25717)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25717" + }, + { + "name": "17415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17415" + }, + { + "name": "19577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19577" + }, + { + "name": "ADV-2006-1294", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1294" + }, + { + "name": "http://rt.cpan.org/Public/Bug/Display.html?id=18397", + "refsource": "MISC", + "url": "http://rt.cpan.org/Public/Bug/Display.html?id=18397" + }, + { + "name": "19575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19575" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/0xxx/CVE-2006-0600.json b/2006/0xxx/CVE-2006-0600.json
index 4323f936bcc..9a73b61c536 100644
--- a/2006/0xxx/CVE-2006-0600.json
+++ b/2006/0xxx/CVE-2006-0600.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528" - }, - { - "name" : "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c", - "refsource" : "MISC", - "url" : "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c" - }, - { - "name" : "DSA-967", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-967" - }, - { - "name" : "16579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16579" - }, - { - "name" : "18783", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18783" - }, - { - "name" : "elog-fail-redirect-dos(24707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16579" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528" + }, + { + "name": "18783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18783" + }, + { + "name": "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c", + "refsource": "MISC", + "url": "http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c" + }, + { + "name": "elog-fail-redirect-dos(24707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24707" + }, + { + "name": "DSA-967", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-967" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1793.json b/2006/1xxx/CVE-2006-1793.json index 519d80c6523..542f5db4e88 100644 --- a/2006/1xxx/CVE-2006-1793.json +++ b/2006/1xxx/CVE-2006-1793.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424708" - }, - { - "name" : "http://retrogod.altervista.org/runcms_13a_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/runcms_13a_xpl.html" - }, - { - "name" : "16578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in runCMS 1.2 and 
earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16578" + }, + { + "name": "20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424708" + }, + { + "name": "http://retrogod.altervista.org/runcms_13a_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/runcms_13a_xpl.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3159.json b/2006/3xxx/CVE-2006-3159.json index ae4e0ed20e9..da1f04462f0 100644 --- a/2006/3xxx/CVE-2006-3159.json +++ b/2006/3xxx/CVE-2006-3159.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 Sun iPlanet Messaging Server 5.2 root password compromise", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html" - }, - { - "name" : "102496", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1" - }, - { - "name" : "18749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18749" - }, - { - "name" : "ADV-2006-2633", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2633" - }, - { - "name" : "1016312", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016312" - }, - { - "name" : "1016416", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016416" - }, - { - "name" : "20919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20919" - }, - { - "name" : "iplanet-msgconf-symlink(27220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016416", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016416" + }, + { + "name": "102496", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1" + }, + { + "name": "1016312", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016312" + }, + { + "name": "iplanet-msgconf-symlink(27220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27220" + }, + { + "name": "ADV-2006-2633", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2633" + }, + { + "name": "20060614 Sun iPlanet Messaging Server 5.2 root password compromise", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html" + }, + { + "name": "18749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18749" + }, + { + "name": "20919", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20919" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3612.json b/2006/3xxx/CVE-2006-3612.json index d857ebb7083..35440ce19b4 100644 --- a/2006/3xxx/CVE-2006-3612.json +++ b/2006/3xxx/CVE-2006-3612.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phorum.org/phorum5/read.php?14,114358", - "refsource" : "CONFIRM", - "url" : "http://www.phorum.org/phorum5/read.php?14,114358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phorum.org/phorum5/read.php?14,114358", + "refsource": "CONFIRM", + "url": "http://www.phorum.org/phorum5/read.php?14,114358" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4355.json b/2006/4xxx/CVE-2006-4355.json index 105e91b5077..82b08a17d23 100644 --- a/2006/4xxx/CVE-2006-4355.json +++ b/2006/4xxx/CVE-2006-4355.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/80087", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/80087" - }, - { - "name" : "19670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19670" - }, - { - "name" : "ADV-2006-3365", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3365" - }, - { - "name" : "21603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21603" - }, - { - "name" : "easylinks-unspecified-xss(28525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21603" + }, + { + "name": "ADV-2006-3365", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3365" + }, + { + "name": "easylinks-unspecified-xss(28525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28525" + }, + { + "name": "19670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19670" + }, + { + "name": "http://drupal.org/node/80087", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/80087" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4554.json b/2006/4xxx/CVE-2006-4554.json index 1c682652ebf..1d9eb8c8c5d 100644 --- a/2006/4xxx/CVE-2006-4554.json +++ b/2006/4xxx/CVE-2006-4554.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060831 Compression Plus and Tumblweed EMF Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444881/100/0/threaded" - }, - { - "name" : "http://www.mnin.org/advisories/2006_cp5_tweed.pdf", - "refsource" : "MISC", - "url" : "http://www.mnin.org/advisories/2006_cp5_tweed.pdf" - }, - { - "name" : "http://www.becubed.com/downloads/compfix.txt", - "refsource" : "CONFIRM", - "url" : "http://www.becubed.com/downloads/compfix.txt" - }, - { - "name" : "19796", - "refsource" 
: "BID", - "url" : "http://www.securityfocus.com/bid/19796" - }, - { - "name" : "ADV-2006-3428", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3428" - }, - { - "name" : "ADV-2006-3429", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3429" - }, - { - "name" : "ADV-2006-3437", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3437" - }, - { - "name" : "ADV-2006-3438", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3438" - }, - { - "name" : "ADV-2006-3439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3439" - }, - { - "name" : "21714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21714" - }, - { - "name" : "21718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21718" - }, - { - "name" : "21720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21720" - }, - { - "name" : "21750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21750" - }, - { - "name" : "21751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21751" - }, - { - "name" : "1498", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1498" - }, - { - "name" : "compressionplus-zoo-bo(28693)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an 
inconsistent size parameter in a ZOO file header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060831 Compression Plus and Tumblweed EMF Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444881/100/0/threaded" + }, + { + "name": "http://www.becubed.com/downloads/compfix.txt", + "refsource": "CONFIRM", + "url": "http://www.becubed.com/downloads/compfix.txt" + }, + { + "name": "21750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21750" + }, + { + "name": "ADV-2006-3438", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3438" + }, + { + "name": "ADV-2006-3437", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3437" + }, + { + "name": "21718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21718" + }, + { + "name": "ADV-2006-3428", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3428" + }, + { + "name": "ADV-2006-3429", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3429" + }, + { + "name": "compressionplus-zoo-bo(28693)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28693" + }, + { + "name": "21720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21720" + }, + { + "name": "21751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21751" + }, + { + "name": "ADV-2006-3439", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3439" + }, + { + "name": "19796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19796" + }, + { + "name": "1498", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1498" + }, + { + "name": "http://www.mnin.org/advisories/2006_cp5_tweed.pdf", + "refsource": 
"MISC", + "url": "http://www.mnin.org/advisories/2006_cp5_tweed.pdf" + }, + { + "name": "21714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21714" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4873.json b/2006/4xxx/CVE-2006-4873.json index 9b9ebdcfc82..97a0dd3ca93 100644 --- a/2006/4xxx/CVE-2006-4873.json +++ b/2006/4xxx/CVE-2006-4873.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 Jupiter CMS Multiple injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446064/100/0/threaded" - }, - { - "name" : "20048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20048" - }, - { - "name" : "1608", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060915 Jupiter CMS Multiple injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446064/100/0/threaded" + }, + { + "name": "20048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20048" + }, + { + "name": "1608", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1608" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2207.json b/2010/2xxx/CVE-2010-2207.json index f80324a7c7b..610b12449ae 100644 --- a/2010/2xxx/CVE-2010-2207.json +++ b/2010/2xxx/CVE-2010-2207.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html" - }, - { - "name" : "41239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41239" - }, - { - "name" : "oval:org.mitre.oval:def:6849", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6849" - }, - { - "name" : "1024159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024159" - }, - { - "name" : 
"ADV-2010-1636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1636" + }, + { + "name": "41239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41239" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html" + }, + { + "name": "1024159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024159" + }, + { + "name": "oval:org.mitre.oval:def:6849", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6849" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2595.json b/2010/2xxx/CVE-2010-2595.json index 5e9cbb62a11..82792b1640f 100644 --- a/2010/2xxx/CVE-2010-2595.json +++ b/2010/2xxx/CVE-2010-2595.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to \"downsampled OJPEG input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127731610612908&w=2" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2208", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2208" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081" - }, - { - "name" : "http://blackberry.com/btsc/KB27244", - "refsource" : "CONFIRM", - "url" : "http://blackberry.com/btsc/KB27244" - }, - 
{ - "name" : "DSA-2552", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2552" - }, - { - "name" : "GLSA-201209-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name" : "RHSA-2010:0519", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0519.html" - }, - { - "name" : "40422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40422" - }, - { - "name" : "40527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40527" - }, - { - "name" : "50726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50726" - }, - { - "name" : "ADV-2010-1761", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to \"downsampled OJPEG input.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40527" + }, + { + "name": "[oss-security] 20100623 CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + }, + { + "name": "DSA-2552", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2552" + }, + { + "name": "http://blackberry.com/btsc/KB27244", + "refsource": "CONFIRM", + "url": "http://blackberry.com/btsc/KB27244" + }, + { + "name": 
"ADV-2010-1761", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1761" + }, + { + "name": "GLSA-201209-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2208", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2208" + }, + { + "name": "RHSA-2010:0519", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html" + }, + { + "name": "40422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40422" + }, + { + "name": "50726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50726" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2810.json b/2010/2xxx/CVE-2010-2810.json index 19fb737e603..faeeae2e077 100644 --- a/2010/2xxx/CVE-2010-2810.json +++ b/2010/2xxx/CVE-2010-2810.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100809 CVE request: Lynx", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128151768510564&w=2" - }, - { - "name" : "[oss-security] 20100809 Re: CVE request: Lynx", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128152412221677&w=2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254" - }, - { - "name" : "USN-1642-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1642-1" - }, - { 
- "name" : "ADV-2010-2042", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2042" - }, - { - "name" : "lynx-converttoidna-bo(61007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lynx-converttoidna-bo(61007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61007" + }, + { + "name": "[oss-security] 20100809 Re: CVE request: Lynx", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128152412221677&w=2" + }, + { + "name": "ADV-2010-2042", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2042" + }, + { + "name": "USN-1642-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1642-1" + }, + { + "name": "[oss-security] 20100809 CVE request: Lynx", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128151768510564&w=2" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2908.json b/2010/2xxx/CVE-2010-2908.json index 3cfaabe8bd9..92154cd5a99 100644 --- a/2010/2xxx/CVE-2010-2908.json 
+++ b/2010/2xxx/CVE-2010-2908.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14466", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14466" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt" - }, - { - "name" : "ADV-2010-1923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1923" - }, - { - "name" : "joomdle-index-sql-injection(60623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14466", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14466" + }, + { + "name": "joomdle-index-sql-injection(60623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60623" + }, + { + "name": "ADV-2010-1923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1923" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/joomlajoomdle-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3218.json b/2010/3xxx/CVE-2010-3218.json index e6ff17b67cb..4f8f749d747 100644 --- a/2010/3xxx/CVE-2010-3218.json +++ b/2010/3xxx/CVE-2010-3218.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka \"Word Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7010", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a 
Word document, aka \"Word Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7010", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7010" + }, + { + "name": "MS10-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3228.json b/2010/3xxx/CVE-2010-3228.json index b9b40e9c675..5391df16ea3 100644 --- a/2010/3xxx/CVE-2010-3228.json +++ b/2010/3xxx/CVE-2010-3228.json 
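Review bot: The only value that changes in this hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org` in `CVE_data_meta`, is buried in a whole-file rewrite. That rewrite also respaces every key (`"ID" :` becomes `"ID":`), reorders the three `reference_data` entries without altering them, and leaves the file without a final newline (`\ No newline at end of file`). Anyone tracking record changes from this feed has to compare parsed JSON rather than text to see that the assigner moved. The serializer should keep the existing reference order and end the file with a newline after the closing `}`, or the formatting pass should land separately from the data change. The hunks for CVE-2010-2207, CVE-2010-2810, CVE-2010-3228 and CVE-2010-3621 carry the same ASSIGNER change, while those for CVE-2010-2595, CVE-2010-2908, CVE-2010-3354 and CVE-2010-4766 show only respacing or reordering.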
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka \".NET Framework x64 JIT Compiler Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-077" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6824", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JIT compiler in Microsoft .NET 
Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka \".NET Framework x64 JIT Compiler Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6824", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6824" + }, + { + "name": "MS10-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-077" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3354.json b/2010/3xxx/CVE-2010-3354.json index 011a98fb3e6..3751d74d7c4 100644 --- a/2010/3xxx/CVE-2010-3354.json +++ b/2010/3xxx/CVE-2010-3354.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3621.json b/2010/3xxx/CVE-2010-3621.json index da57bce6230..164ad1b7250 100644 --- a/2010/3xxx/CVE-2010-3621.json +++ b/2010/3xxx/CVE-2010-3621.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" 
: "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7386", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7386" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7386", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7386" + }, + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4766.json b/2010/4xxx/CVE-2010-4766.json index 0c86a47ed08..a90dda47abd 100644 --- a/2010/4xxx/CVE-2010-4766.json +++ b/2010/4xxx/CVE-2010-4766.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.otrs.org/show_bug.cgi?id=4818", - "refsource" : "CONFIRM", - "url" : "http://bugs.otrs.org/show_bug.cgi?id=4818" - }, - { - "name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", - "refsource" : "CONFIRM", - "url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from 
HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.otrs.org/show_bug.cgi?id=4818", + "refsource": "CONFIRM", + "url": "http://bugs.otrs.org/show_bug.cgi?id=4818" + }, + { + "name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", + "refsource": "CONFIRM", + "url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1091.json b/2011/1xxx/CVE-2011-1091.json index c3270a5ee9f..2705fbd4d1e 100644 --- a/2011/1xxx/CVE-2011-1091.json +++ b/2011/1xxx/CVE-2011-1091.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" - }, - { - "name" : "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7", - "refsource" : "CONFIRM", - 
"url" : "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=51", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=51" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=683031", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=683031" - }, - { - "name" : "FEDORA-2011-3113", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" - }, - { - "name" : "FEDORA-2011-3150", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" - }, - { - "name" : "RHSA-2011:0616", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0616.html" - }, - { - "name" : "RHSA-2011:1371", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1371.html" - }, - { - "name" : "SSA:2011-070-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884" - }, - { - "name" : "openSUSE-SU-2012:0066", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/13195955" - }, - { - "name" : "46837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46837" - }, - { - "name" : "oval:org.mitre.oval:def:18402", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" - }, - { - "name" : "43695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43695" - }, - { - "name" : "43721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43721" - }, - { - "name" : "46376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46376" - }, - { - "name" : "ADV-2011-0643", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0643" - }, - { - "name" : "ADV-2011-0661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0661" - }, - { - "name" : "ADV-2011-0669", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0669" - }, - { - "name" : "ADV-2011-0703", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0703" - }, - { - "name" : "pidgin-yahoo-protocol-dos(66055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0661" + }, + { + "name": "RHSA-2011:0616", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0616.html" + }, + { + "name": "openSUSE-SU-2012:0066", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/13195955" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c" + }, + { + "name": "http://www.pidgin.im/news/security/?id=51", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=51" + }, + { + "name": "46837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46837" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=683031", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683031" + }, + { + "name": "ADV-2011-0703", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0703" + }, + { + "name": "FEDORA-2011-3150", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html" + }, + { + "name": "43721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43721" + }, + { + "name": "SSA:2011-070-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884" + }, + { + "name": "pidgin-yahoo-protocol-dos(66055)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66055" + }, + { + "name": "46376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46376" + }, + { + "name": "43695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43695" + }, + { + "name": "RHSA-2011:1371", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1371.html" + }, + { + "name": "oval:org.mitre.oval:def:18402", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402" + }, + { + "name": "ADV-2011-0669", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0669" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7" + }, + { + "name": "FEDORA-2011-3113", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html" + }, + { + "name": "ADV-2011-0643", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0643" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3501.json b/2014/3xxx/CVE-2014-3501.json index 59b1a7d5684..7d11517cbfa 100644 --- a/2014/3xxx/CVE-2014-3501.json +++ b/2014/3xxx/CVE-2014-3501.json 
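Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and that provenance change is buried in a 157-line rewrite that otherwise only turns `" : "` into `": "` and re-indents. The same pattern shows in CVE-2014-3501 and CVE-2014-8108 (`secalert@redhat.com`), CVE-2014-7026, CVE-2014-7407 and CVE-2014-7777 (`cert@cert.org`), and CVE-2014-8902 (`psirt@us.ibm.com`). Consumers that attribute or filter records by assigner will see these as silent changes, so the formatting normalisation is better landed separately from the data change, with the reassignment named in the commit message. The `reference_data` array also appears to hold the same entries in a different order; emitting it in a stable order (for example sorted by `url`) would let a later diff show only added or removed references.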
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html", - "refsource" : "CONFIRM", - "url" : "http://cordova.apache.org/announcements/2014/08/04/android-351.html" - }, - { - "name" : "69041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69041" + }, + { + "name": "http://cordova.apache.org/announcements/2014/08/04/android-351.html", + "refsource": "CONFIRM", + "url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7026.json b/2014/7xxx/CVE-2014-7026.json index 727c917c56f..26d72148379 100644 --- a/2014/7xxx/CVE-2014-7026.json +++ b/2014/7xxx/CVE-2014-7026.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#505409", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/505409" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LIFE TIME FITNESS (aka 
com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#505409", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/505409" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7407.json b/2014/7xxx/CVE-2014-7407.json index 90282c79cf3..8a032d03cf3 100644 --- a/2014/7xxx/CVE-2014-7407.json +++ b/2014/7xxx/CVE-2014-7407.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#731569", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/731569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Game Day Tix (aka 
com.xcr.android.mygamedaytickets) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#731569", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/731569" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7777.json b/2014/7xxx/CVE-2014-7777.json index 25b303cd787..eed2e2a943b 100644 --- a/2014/7xxx/CVE-2014-7777.json +++ b/2014/7xxx/CVE-2014-7777.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#678945", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/678945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Slingshot Forum (aka 
com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#678945", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/678945" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8108.json b/2014/8xxx/CVE-2014-8108.json index 9f886f2eacb..c1d2dfe8365 100644 --- a/2014/8xxx/CVE-2014-8108.json +++ b/2014/8xxx/CVE-2014-8108.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt" - }, - { - "name" : "https://support.apple.com/HT204427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204427" - }, - { - "name" : "APPLE-SA-2015-03-09-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html" - }, - { - "name" : "RHSA-2015:0166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0166.html" - }, - { - "name" : "USN-2721-1", - 
"refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2721-1" - }, - { - "name" : "71725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71725" - }, - { - "name" : "61131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt" + }, + { + "name": "RHSA-2015:0166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html" + }, + { + "name": "https://support.apple.com/HT204427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204427" + }, + { + "name": "71725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71725" + }, + { + "name": "APPLE-SA-2015-03-09-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html" + }, + { + "name": "61131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61131" + }, + { + "name": "USN-2721-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2721-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8281.json b/2014/8xxx/CVE-2014-8281.json index 466fcb6fbbc..1e4511f2aa5 100644 
--- a/2014/8xxx/CVE-2014-8281.json +++ b/2014/8xxx/CVE-2014-8281.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8281", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8281", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8284.json b/2014/8xxx/CVE-2014-8284.json index 2eb48ed96aa..968153d36c6 100644 --- a/2014/8xxx/CVE-2014-8284.json +++ b/2014/8xxx/CVE-2014-8284.json 
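Review bot: The rewritten REJECT record orders its keys differently from the PUBLIC records in the same commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while records such as CVE-2014-8541 keep the alphabetical order. Key order carries no meaning in JSON, but a feed that is diffed, hashed or signed downstream is easier to verify when every record goes through one canonical serialisation (sorted keys, fixed indent). The new side also ends with `\ No newline at end of file`, as does every other file in view; writing a final newline keeps later diffs from flagging the closing `}` as changed. CVE-2014-8284 shows the same key order.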
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8284", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8284", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8541.json b/2014/8xxx/CVE-2014-8541.json index eefe452c1b8..3401ac79e19 100644 --- a/2014/8xxx/CVE-2014-8541.json +++ b/2014/8xxx/CVE-2014-8541.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - }, - { - "name" : "USN-2944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2944-1" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2944-1" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8902.json b/2014/8xxx/CVE-2014-8902.json index e2c5e6b2fb3..42a69b57161 100644 --- a/2014/8xxx/CVE-2014-8902.json +++ b/2014/8xxx/CVE-2014-8902.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107" - }, - { - "name" : "PI29956", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956" - }, - { - "name" : "ibm-wsportal-cve20148902-xss(99150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-wsportal-cve20148902-xss(99150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107" + }, + { + "name": "PI29956", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9063.json b/2014/9xxx/CVE-2014-9063.json index 58295583923..b4f2ce13451 100644 --- a/2014/9xxx/CVE-2014-9063.json +++ b/2014/9xxx/CVE-2014-9063.json 
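Review bot: In the CVE-2014-8902.json hunk the only data change, `"ASSIGNER": "psirt@us.ibm.com"` replacing `cve@mitre.org`, is buried under a whole-file re-indentation and a reshuffle of the same three `reference_data` entries, so a provenance change cannot be told apart from formatting churn. The same pattern appears in the CVE-2014-9792.json hunk (`security@android.com`) and the CVE-2016-6038.json hunk (`psirt@us.ibm.com`). ASSIGNER names the party responsible for the record, so the change belongs in its own commit or at least in the commit message, and the serializer (presumably automated) should emit references in a stable order so that future syncs show only real changes. The new side also ends with `\ No newline at end of file`; keeping the final newline after the closing `}` avoids a spurious last-line change on the next sync.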
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9320.json b/2014/9xxx/CVE-2014-9320.json index e77ccb195a6..b7fe18b5171 100644 --- a/2014/9xxx/CVE-2014-9320.json +++ b/2014/9xxx/CVE-2014-9320.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9621.json b/2014/9xxx/CVE-2014-9621.json index 4ecc54de481..e31eb076bb9 100644 --- a/2014/9xxx/CVE-2014-9621.json +++ b/2014/9xxx/CVE-2014-9621.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[File] 20141216 file 5.21 is now available", - "refsource" : "MLIST", - "url" : "http://mx.gw.com/pipermail/file/2014/001654.html" - }, - { - "name" : "[File] 20150102 file 5.22 is now available", - "refsource" : "MLIST", - "url" : "http://mx.gw.com/pipermail/file/2015/001660.html" - }, - { - "name" : "[oss-security] 20150117 Re: CVE request: file(1) DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/17/9" - }, - { - "name" : "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0040.html", - "refsource" : "CONFIRM", - "url" : 
"http://advisories.mageia.org/MGASA-2015-0040.html" - }, - { - "name" : "GLSA-201503-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-08" - }, - { - "name" : "USN-3686-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3686-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150117 Re: CVE request: file(1) DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/17/9" + }, + { + "name": "USN-3686-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3686-1/" + }, + { + "name": "[File] 20141216 file 5.21 is now available", + "refsource": "MLIST", + "url": "http://mx.gw.com/pipermail/file/2014/001654.html" + }, + { + "name": "[File] 20150102 file 5.22 is now available", + "refsource": "MLIST", + "url": "http://mx.gw.com/pipermail/file/2015/001660.html" + }, + { + "name": "GLSA-201503-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-08" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0040.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0040.html" + }, + { + "name": "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9792.json b/2014/9xxx/CVE-2014-9792.json index d3440bb5e0f..498b76e99e1 100644 --- a/2014/9xxx/CVE-2014-9792.json 
+++ b/2014/9xxx/CVE-2014-9792.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd" - }, - { - "name" : "91628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd" + }, + { + "name": "91628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91628" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2241.json b/2016/2xxx/CVE-2016-2241.json index e975d596c51..16082825278 100644 --- a/2016/2xxx/CVE-2016-2241.json +++ b/2016/2xxx/CVE-2016-2241.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2567.json b/2016/2xxx/CVE-2016-2567.json index 8fc971d87c6..89afdae6447 100644 --- a/2016/2xxx/CVE-2016-2567.json +++ b/2016/2xxx/CVE-2016-2567.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an \"exceptional URL\" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003", - "refsource" : "MISC", - "url" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an \"exceptional URL\" in the query 
string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003", + "refsource": "MISC", + "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2759.json b/2016/2xxx/CVE-2016-2759.json index a57db7f8c71..c408e2f31ac 100644 --- a/2016/2xxx/CVE-2016-2759.json +++ b/2016/2xxx/CVE-2016-2759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2759", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2759", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6038.json b/2016/6xxx/CVE-2016-6038.json index e70b587b2c0..9bf99179c1d 100644 --- a/2016/6xxx/CVE-2016-6038.json +++ b/2016/6xxx/CVE-2016-6038.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc" - }, - { - "name" : "93180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93180" - }, - { - "name" : "1036887", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, 
allows remote authenticated users to read arbitrary files via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93180" + }, + { + "name": "1036887", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036887" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6799.json b/2016/6xxx/CVE-2016-6799.json index 8491eaec0fa..b5a3c01d9fa 100644 --- a/2016/6xxx/CVE-2016-6799.json +++ b/2016/6xxx/CVE-2016-6799.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-6799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Cordova Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-6799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Cordova Android", + "version": { + "version_data": [ + { + "version_value": "5.2.2 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20170509 CVE-2016-6799: Internal system information leak", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69@%3Cdev.cordova.apache.org%3E" - }, - { - "name" : "98365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98365" + }, + { + "name": "[dev] 20170509 CVE-2016-6799: Internal system information leak", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69@%3Cdev.cordova.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6862.json b/2016/6xxx/CVE-2016-6862.json index 6affa831896..0dd31eae6c1 100644 --- a/2016/6xxx/CVE-2016-6862.json +++ b/2016/6xxx/CVE-2016-6862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6862", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6862", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6866.json b/2016/6xxx/CVE-2016-6866.json index e1a16358406..a440bece3cf 100644 --- a/2016/6xxx/CVE-2016-6866.json +++ b/2016/6xxx/CVE-2016-6866.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160818 CVE request - slock, all versions NULL pointer dereference", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/22" - }, - { - "name" : "[oss-security] 20160818 Re: CVE request - slock, all versions NULL pointer dereference", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/24" - }, - { - "name" : "http://s1m0n.dft-labs.eu/files/slock/slock.txt", - "refsource" : "MISC", - "url" : "http://s1m0n.dft-labs.eu/files/slock/slock.txt" - }, - { - "name" : "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29", - "refsource" : "CONFIRM", - "url" : "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29" - }, - { - 
"name" : "FEDORA-2016-1b7e66c08b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/" - }, - { - "name" : "FEDORA-2016-985b68721b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/" - }, - { - "name" : "92546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160818 Re: CVE request - slock, all versions NULL pointer dereference", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/24" + }, + { + "name": "http://s1m0n.dft-labs.eu/files/slock/slock.txt", + "refsource": "MISC", + "url": "http://s1m0n.dft-labs.eu/files/slock/slock.txt" + }, + { + "name": "FEDORA-2016-985b68721b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/" + }, + { + "name": "[oss-security] 20160818 CVE request - slock, all versions NULL pointer dereference", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/22" + }, + { + "name": "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29", + "refsource": "CONFIRM", + "url": "http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29" + 
}, + { + "name": "FEDORA-2016-1b7e66c08b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/" + }, + { + "name": "92546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92546" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5170.json b/2017/5xxx/CVE-2017-5170.json index c41e81d3767..7d075c85546 100644 --- a/2017/5xxx/CVE-2017-5170.json +++ b/2017/5xxx/CVE-2017-5170.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa SoftNVR-IA Live Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa SoftNVR-IA Live Viewer" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-427" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa SoftNVR-IA Live Viewer", + "version": { + "version_data": [ + { + "version_value": "Moxa SoftNVR-IA Live Viewer" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02" - }, - { - "name" : "100208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100208" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5488.json b/2017/5xxx/CVE-2017-5488.json index d93b26f11f6..9bb51141fc9 100644 --- a/2017/5xxx/CVE-2017-5488.json +++ b/2017/5xxx/CVE-2017-5488.json 
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5488",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5488",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/01/14/6"
- },
- {
- "name" : "https://wpvulndb.com/vulnerabilities/8716",
- "refsource" : "MISC",
- "url" : "https://wpvulndb.com/vulnerabilities/8716"
- },
- {
- "name" : "https://codex.wordpress.org/Version_4.7.1",
- "refsource" : "CONFIRM",
- "url" : "https://codex.wordpress.org/Version_4.7.1"
- },
- {
- "name" : "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2"
- },
- {
- "name" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/",
- "refsource" : "CONFIRM",
- "url" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/"
- },
- {
- "name" : "DSA-3779",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3779"
- },
- {
- "name" : "95397",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95397"
- },
- {
- "name" : "1037591",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037591"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "95397",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95397"
+ },
+ {
+ "name": "DSA-3779",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3779"
+ },
+ {
+ "name": "https://wpvulndb.com/vulnerabilities/8716",
+ "refsource": "MISC",
+ "url": "https://wpvulndb.com/vulnerabilities/8716"
+ },
+ {
+ "name": "https://codex.wordpress.org/Version_4.7.1",
+ "refsource": "CONFIRM",
+ "url": "https://codex.wordpress.org/Version_4.7.1"
+ },
+ {
+ "name": "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/14/6"
+ },
+ {
+ "name": "1037591",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037591"
+ },
+ {
+ "name": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/"
+ },
+ {
+ "name": "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5817.json b/2017/5xxx/CVE-2017-5817.json
index 421c9012997..a7d37e409f0 100644
--- a/2017/5xxx/CVE-2017-5817.json
+++ b/2017/5xxx/CVE-2017-5817.json
@@ -1,78 +1,78 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-07-21T00:00:00",
- "ID" : "CVE-2017-5817",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Intelligent Management Center (iMC) PLAT",
- "version" : {
- "version_data" : [
- {
- "version_value" : "PLAT 7.3 E0504P04"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-07-21T00:00:00",
+ "ID": "CVE-2017-5817",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intelligent Management Center (iMC) PLAT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PLAT 7.3 E0504P04"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "43195",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/43195/"
- },
- {
- "name" : "43492",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/43492/"
- },
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us"
- },
- {
- "name" : "1038478",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038478"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "43492",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/43492/"
+ },
+ {
+ "name": "1038478",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038478"
+ },
+ {
+ "name": "43195",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/43195/"
+ },
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us"
+ }
+ ]
+ }
+}
\ No newline at end of file