From ca836ac3baac52b5ad63c02ed25509b184e5e2fb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:40:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0077.json | 160 +++++------ 2006/0xxx/CVE-2006-0210.json | 180 ++++++------- 2006/0xxx/CVE-2006-0468.json | 180 ++++++------- 2006/0xxx/CVE-2006-0951.json | 150 +++++------ 2006/1xxx/CVE-2006-1391.json | 230 ++++++++-------- 2006/1xxx/CVE-2006-1563.json | 170 ++++++------ 2006/1xxx/CVE-2006-1659.json | 210 +++++++-------- 2006/1xxx/CVE-2006-1765.json | 150 +++++------ 2006/1xxx/CVE-2006-1891.json | 200 +++++++------- 2006/5xxx/CVE-2006-5298.json | 190 ++++++------- 2007/2xxx/CVE-2007-2080.json | 130 ++++----- 2010/0xxx/CVE-2010-0011.json | 180 ++++++------- 2010/0xxx/CVE-2010-0110.json | 220 +++++++-------- 2010/0xxx/CVE-2010-0122.json | 180 ++++++------- 2010/0xxx/CVE-2010-0751.json | 220 +++++++-------- 2010/0xxx/CVE-2010-0845.json | 350 ++++++++++++------------ 2010/2xxx/CVE-2010-2254.json | 150 +++++------ 2010/3xxx/CVE-2010-3116.json | 330 +++++++++++------------ 2010/3xxx/CVE-2010-3388.json | 34 +-- 2010/3xxx/CVE-2010-3754.json | 150 +++++------ 2010/3xxx/CVE-2010-3891.json | 170 ++++++------ 2010/4xxx/CVE-2010-4557.json | 190 ++++++------- 2010/4xxx/CVE-2010-4649.json | 160 +++++------ 2010/4xxx/CVE-2010-4899.json | 170 ++++++------ 2014/0xxx/CVE-2014-0367.json | 160 +++++------ 2014/3xxx/CVE-2014-3485.json | 130 ++++----- 2014/4xxx/CVE-2014-4252.json | 500 +++++++++++++++++------------------ 2014/4xxx/CVE-2014-4426.json | 180 ++++++------- 2014/4xxx/CVE-2014-4515.json | 130 ++++----- 2014/4xxx/CVE-2014-4601.json | 120 ++++----- 2014/4xxx/CVE-2014-4834.json | 160 +++++------ 2014/4xxx/CVE-2014-4929.json | 150 +++++------ 2014/8xxx/CVE-2014-8150.json | 350 ++++++++++++------------ 2014/8xxx/CVE-2014-8344.json | 34 +-- 2014/8xxx/CVE-2014-8390.json | 160 +++++------ 2014/9xxx/CVE-2014-9478.json | 150 +++++------ 2014/9xxx/CVE-2014-9731.json | 230 ++++++++-------- 2014/9xxx/CVE-2014-9936.json | 140 +++++----- 2014/9xxx/CVE-2014-9978.json | 132 ++++----- 2016/2xxx/CVE-2016-2285.json | 130 ++++----- 2016/2xxx/CVE-2016-2673.json | 34 +-- 2016/2xxx/CVE-2016-2966.json | 166 ++++++------ 2016/3xxx/CVE-2016-3017.json | 210 +++++++-------- 2016/3xxx/CVE-2016-3036.json | 160 +++++------ 2016/3xxx/CVE-2016-3066.json | 120 ++++----- 2016/3xxx/CVE-2016-3561.json | 150 +++++------ 2016/3xxx/CVE-2016-3769.json | 120 ++++----- 2016/3xxx/CVE-2016-3992.json | 150 +++++------ 2016/6xxx/CVE-2016-6073.json | 34 +-- 2016/6xxx/CVE-2016-6367.json | 180 ++++++------- 2016/6xxx/CVE-2016-6460.json | 130 ++++----- 2016/6xxx/CVE-2016-6543.json | 162 ++++++------ 2016/6xxx/CVE-2016-6748.json | 136 +++++----- 2016/7xxx/CVE-2016-7109.json | 130 ++++----- 2016/7xxx/CVE-2016-7141.json | 230 ++++++++-------- 2016/7xxx/CVE-2016-7377.json | 34 +-- 2016/7xxx/CVE-2016-7894.json | 34 +-- 57 files changed, 4745 insertions(+), 4745 deletions(-) diff --git a/2006/0xxx/CVE-2006-0077.json b/2006/0xxx/CVE-2006-0077.json index 45ffc828aac..cab1f43bb9c 100644 --- a/2006/0xxx/CVE-2006-0077.json +++ b/2006/0xxx/CVE-2006-0077.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116" - }, - { - "name" : "16118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16118" - }, - { - "name" : "ADV-2006-0013", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0013" - }, - { - "name" : "22160", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22160" - }, - { - "name" : "18253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18253" + }, + { + "name": "16118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16118" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116" + }, + { + "name": "ADV-2006-0013", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0013" + }, + { + "name": "22160", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22160" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0210.json b/2006/0xxx/CVE-2006-0210.json index bd880a725ab..50b954d56de 100644 --- a/2006/0xxx/CVE-2006-0210.json +++ b/2006/0xxx/CVE-2006-0210.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060112 Interspire TrackPoint NX XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421740/100/0/threaded" - }, - { - "name" : "http://www.interspire.com/forum/showthread.php?p=29606", - "refsource" : "CONFIRM", - "url" : "http://www.interspire.com/forum/showthread.php?p=29606" - }, - { - "name" : "16214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16214" - }, - { - "name" : "ADV-2006-0175", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0175" - }, - { - "name" : "22377", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22377" - }, - { - "name" : "18445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18445" - }, - { - "name" : "trackpointnx-login-xss(24112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16214" + }, + { + "name": "trackpointnx-login-xss(24112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24112" + }, + { + "name": "http://www.interspire.com/forum/showthread.php?p=29606", + "refsource": "CONFIRM", + "url": "http://www.interspire.com/forum/showthread.php?p=29606" + }, + { + "name": "18445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18445" + }, + { + "name": "ADV-2006-0175", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0175" + }, + { + "name": "20060112 Interspire TrackPoint NX XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421740/100/0/threaded" + }, + { + "name": "22377", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22377" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0468.json b/2006/0xxx/CVE-2006-0468.json index 0b0c0e1b5cf..179f80f5a3c 100644 --- a/2006/0xxx/CVE-2006-0468.json +++ b/2006/0xxx/CVE-2006-0468.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.stalker.com/CommuniGatePro/History.html", - "refsource" : "CONFIRM", - "url" : "http://www.stalker.com/CommuniGatePro/History.html" - }, - { - "name" : "20060128 Multiple vulnerabilities in CommuniGate Pro Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423364/100/0/threaded" - }, - { - "name" : "http://www.gleg.net/advisory_cg.shtml", - "refsource" : "MISC", - "url" : "http://www.gleg.net/advisory_cg.shtml" - }, - { - "name" : "16407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16407" - }, - { - "name" : "ADV-2006-0364", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0364" - }, - { - "name" : "18640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18640" - }, - { - "name" : "communigate-ldap-bo(24409)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "communigate-ldap-bo(24409)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24409" + }, + { + "name": "20060128 Multiple vulnerabilities in CommuniGate Pro Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423364/100/0/threaded" + }, + { + "name": "ADV-2006-0364", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0364" + }, + { + "name": "18640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18640" + }, + { + "name": "16407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16407" + }, + { + "name": "http://www.gleg.net/advisory_cg.shtml", + "refsource": "MISC", + "url": "http://www.gleg.net/advisory_cg.shtml" + }, + { + "name": "http://www.stalker.com/CommuniGatePro/History.html", + "refsource": "CONFIRM", + "url": "http://www.stalker.com/CommuniGatePro/History.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0951.json b/2006/0xxx/CVE-2006-0951.json index 8379c287deb..f57a35662ec 100644 --- a/2006/0xxx/CVE-2006-0951.json +++ b/2006/0xxx/CVE-2006-0951.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-17/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-17/advisory/" - }, - { - "name" : "ADV-2006-1242", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1242" - }, - { - "name" : "24394", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24394" - }, - { - "name" : "19054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24394", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24394" + }, + { + "name": "ADV-2006-1242", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1242" + }, + { + "name": "http://secunia.com/secunia_research/2006-17/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-17/advisory/" + }, + { + "name": "19054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19054" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1391.json b/2006/1xxx/CVE-2006-1391.json index 73a463bb842..91a60a69436 100644 --- a/2006/1xxx/CVE-2006-1391.json +++ b/2006/1xxx/CVE-2006-1391.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060324 Secunia Research: Quick 'n Easy/Baby Web Server ASP CodeDisclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428667/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-19/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-19/advisory/" - }, - { - "name" : "17222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17222" - }, - { - "name" : "ADV-2006-1085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1085" - }, - { - "name" : "ADV-2006-1088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1088" - }, - { - "name" : "24100", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24100" - }, - { - "name" : "24099", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24099" - }, - { - "name" : "19306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19306" - }, - { - "name" : "19312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19312" - }, - { - "name" : "624", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/624" - }, - { - "name" : "baby-web-asp-disclosure(25417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25417" - }, - { - "name" : "quickneasy-web-asp-disclosure(25418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17222" + }, + { + "name": "19312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19312" + }, + { + "name": "20060324 Secunia Research: Quick 'n Easy/Baby Web Server ASP CodeDisclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428667/100/0/threaded" + }, + { + "name": "ADV-2006-1085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1085" + }, + { + "name": "quickneasy-web-asp-disclosure(25418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25418" + }, + { + "name": "24100", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24100" + }, + { + "name": "24099", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24099" + }, + { + "name": "624", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/624" + }, + { + "name": "baby-web-asp-disclosure(25417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25417" + }, + { + "name": "19306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19306" + }, + { + "name": "http://secunia.com/secunia_research/2006-19/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-19/advisory/" + }, + { + "name": "ADV-2006-1088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1088" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1563.json b/2006/1xxx/CVE-2006-1563.json index 4e131113c67..ae8995ffd87 100644 --- a/2006/1xxx/CVE-2006-1563.json +++ b/2006/1xxx/CVE-2006-1563.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 [eVuln] [V]Book Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430624/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/111", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/111" - }, - { - "name" : "ADV-2006-1174", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1174" - }, - { - "name" : "24272", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24272" - }, - { - "name" : "19448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19448" - }, - { - "name" : "vbook-config-file-include(25522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19448" + }, + { + "name": "20060411 [eVuln] [V]Book Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430624/100/0/threaded" + }, + { + "name": "24272", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24272" + }, + { + "name": "ADV-2006-1174", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1174" + }, + { + "name": "http://evuln.com/vulns/111", + "refsource": "MISC", + "url": "http://evuln.com/vulns/111" + }, + { + "name": "vbook-config-file-include(25522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25522" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1659.json b/2006/1xxx/CVE-2006-1659.json index 76a34c0ef9f..9dd9946752f 100644 --- a/2006/1xxx/CVE-2006-1659.json +++ b/2006/1xxx/CVE-2006-1659.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060331 SQL Injection in Softbiz Image Gallery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429763/100/0/threaded" - }, - { - "name" : "17339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17339" - }, - { - "name" : "ADV-2006-1217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1217" - }, - { - "name" : "24368", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24368" - }, - { - "name" : "24369", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24369" - }, - { - "name" : "24370", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24370" - }, - { - "name" : "24371", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24371" - }, - { - "name" : "24372", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24372" - }, - { - "name" : "19523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19523" - }, - { - "name" : "softbizimagegallery-multiple-sql-injection(25616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24371", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24371" + }, + { + "name": "24368", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24368" + }, + { + "name": "softbizimagegallery-multiple-sql-injection(25616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25616" + }, + { + "name": "17339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17339" + }, + { + "name": "20060331 SQL Injection in Softbiz Image Gallery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429763/100/0/threaded" + }, + { + "name": "19523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19523" + }, + { + "name": "24370", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24370" + }, + { + "name": "ADV-2006-1217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1217" + }, + { + "name": "24372", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24372" + }, + { + "name": "24369", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24369" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1765.json b/2006/1xxx/CVE-2006-1765.json index 576d288b958..0de0dbb12e8 100644 --- a/2006/1xxx/CVE-2006-1765.json +++ b/2006/1xxx/CVE-2006-1765.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060410 Jbook Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430479/100/0/threaded" - }, - { - "name" : "17419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17419" - }, - { - "name" : "19613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19613" - }, - { - "name" : "jbook-index-xss(25734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19613" + }, + { + "name": "jbook-index-xss(25734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25734" + }, + { + "name": "17419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17419" + }, + { + "name": "20060410 Jbook Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430479/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1891.json b/2006/1xxx/CVE-2006-1891.json index c484212f025..1ff87169d1f 100644 --- a/2006/1xxx/CVE-2006-1891.json +++ b/2006/1xxx/CVE-2006-1891.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060416 BetaBoard Cross Site Scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431116/100/0/threaded" - }, - { - "name" : "20060416 BetaBoard Cross Site Scripting vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045194.html" - }, - { - "name" : "17556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17556" - }, - { - "name" : "ADV-2006-1377", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1377" - }, - { - "name" : "1015955", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015955" - }, - { - "name" : "19700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19700" - }, - { - "name" : "724", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/724" - }, - { - "name" : "765", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/765" - }, - { - "name" : "betaboard-editprofile-xss(25838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1377", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1377" + }, + { + "name": "17556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17556" + }, + { + "name": "765", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/765" + }, + { + "name": "724", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/724" + }, + { + "name": "1015955", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015955" + }, + { + "name": "19700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19700" + }, + { + "name": "20060416 BetaBoard Cross Site Scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431116/100/0/threaded" + }, + { + "name": "20060416 BetaBoard Cross Site Scripting vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045194.html" + }, + { + "name": "betaboard-editprofile-xss(25838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25838" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5298.json b/2006/5xxx/CVE-2006-5298.json index f399898c574..05f8d71080c 100644 --- a/2006/5xxx/CVE-2006-5298.json +++ b/2006/5xxx/CVE-2006-5298.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=mutt-dev&m=115999486426292&w=2" - }, - { - "name" : "MDKSA-2006:190", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" - }, - { - "name" : "2006-0061", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0061/" - }, - { - "name" : "USN-373-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-373-1" - }, - { - "name" : "22613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22613" - }, - { - "name" : "22640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22640" - }, - { - "name" : "22686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22686" - }, - { - "name" : "22685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", + "refsource": "MLIST", + "url": "http://marc.info/?l=mutt-dev&m=115999486426292&w=2" + }, + { + "name": "2006-0061", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0061/" + }, + { + "name": "22640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22640" + }, + { + "name": "22613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22613" + }, + { + "name": "22685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22685" + }, + { + "name": "22686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22686" + }, + { + "name": "USN-373-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-373-1" + }, + { + "name": "MDKSA-2006:190", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2080.json b/2007/2xxx/CVE-2007-2080.json index ac49da63e5f..ed2dc2381e7 100644 --- a/2007/2xxx/CVE-2007-2080.json +++ b/2007/2xxx/CVE-2007-2080.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3738", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3738" - }, - { - "name" : "37440", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37440", + "refsource": "OSVDB", + "url": "http://osvdb.org/37440" + }, + { + "name": "3738", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3738" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0011.json b/2010/0xxx/CVE-2010-0011.json index 219e83b022d..03a82c768f8 100644 --- a/2010/0xxx/CVE-2010-0011.json +++ b/2010/0xxx/CVE-2010-0011.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100106 CVE request - uzbl remote code execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/06/1" - }, - { - "name" : "[oss-security] 20100106 Re: CVE request - uzbl remote code execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/06/3" - }, - { - "name" : "[uzbl-dev] 20100102 Fw: Uzbl: security issue", - "refsource" : "MLIST", - "url" : "http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html" - }, - { - "name" : "http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047", - "refsource" : "CONFIRM", - "url" : "http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047" - }, - { - "name" : "http://github.com/Dieterbe/uzbl/downloads", - "refsource" : "CONFIRM", - "url" : "http://github.com/Dieterbe/uzbl/downloads" - }, - { - "name" : "http://www.uzbl.org/news.php?id=22", - "refsource" : "CONFIRM", - "url" : "http://www.uzbl.org/news.php?id=22" - }, - { - "name" : "uzbl-evaljs-command-execution(56612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[uzbl-dev] 20100102 Fw: Uzbl: security issue", + "refsource": "MLIST", + "url": "http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html" + }, + { + "name": "http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047", + "refsource": "CONFIRM", + "url": "http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047" + }, + { + "name": "http://github.com/Dieterbe/uzbl/downloads", + "refsource": "CONFIRM", + "url": "http://github.com/Dieterbe/uzbl/downloads" + }, + { + "name": "http://www.uzbl.org/news.php?id=22", + "refsource": "CONFIRM", + "url": "http://www.uzbl.org/news.php?id=22" + }, + { + "name": "uzbl-evaljs-command-execution(56612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56612" + }, + { + "name": "[oss-security] 20100106 CVE request - uzbl remote code execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/06/1" + }, + { + "name": "[oss-security] 20100106 Re: CVE request - uzbl remote code execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/06/3" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0110.json b/2010/0xxx/CVE-2010-0110.json index c15bc7b8583..2e172030fc2 100644 --- a/2010/0xxx/CVE-2010-0110.json +++ b/2010/0xxx/CVE-2010-0110.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-028", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-028" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-030", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-030" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-031", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-031" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-032", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-032" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00" - }, - { - "name" : "45936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45936" - }, - { - "name" : "1024996", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024996" - }, - { - "name" : "43099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43099" - }, - { - "name" : "43106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43106" - }, - { - "name" : "ADV-2011-0234", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0234" - }, - { - "name" : "symantec-intel-ams2-bo(64940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-031", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-031" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-028", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-028" + }, + { + "name": "43099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43099" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-032", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-032" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00" + }, + { + "name": "symantec-intel-ams2-bo(64940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64940" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-030", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-030" + }, + { + "name": "43106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43106" + }, + { + "name": "1024996", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024996" + }, + { + "name": "45936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45936" + }, + { + "name": "ADV-2011-0234", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0234" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0122.json b/2010/0xxx/CVE-2010-0122.json index d435bfe76de..15f30cc2315 100644 --- a/2010/0xxx/CVE-2010-0122.json +++ b/2010/0xxx/CVE-2010-0122.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100310 Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509995/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-11/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-11/" - }, - { - "name" : "38639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38639" - }, - { - "name" : "62831", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62831" - }, - { - "name" : "62832", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62832" - }, - { - "name" : "38739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38739" - }, - { - "name" : "timeclock-auth-sql-injection(56799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38639" + }, + { + "name": "38739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38739" + }, + { + "name": "timeclock-auth-sql-injection(56799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56799" + }, + { + "name": "http://secunia.com/secunia_research/2010-11/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-11/" + }, + { + "name": "62832", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62832" + }, + { + "name": "62831", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62831" + }, + { + "name": "20100310 Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0751.json b/2010/0xxx/CVE-2010-0751.json index 2f37aae273f..187b3540615 100644 --- a/2010/0xxx/CVE-2010-0751.json +++ b/2010/0xxx/CVE-2010-0751.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ip_evictor function in ip_fragment.c in libnids 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xorl.wordpress.com/2010/04/04/libnids-ip-fragmentation-remote-null-pointer-dereference/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2010/04/04/libnids-ip-fragmentation-remote-null-pointer-dereference/" - }, - { - "name" : "http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt", - "refsource" : "CONFIRM", - "url" : "http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt" - }, - { - "name" : "FEDORA-2010-5535", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038375.html" - }, - { - "name" : "FEDORA-2010-5545", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038388.html" - }, - { - "name" : "FEDORA-2010-5562", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038410.html" - }, - { - "name" : "39142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39142" - }, - { - "name" : "39225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39225" - }, - { - "name" : "39249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39249" - }, - { - "name" : "ADV-2010-0777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0777" - }, - { - "name" : "ADV-2010-0791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0791" - }, - { - "name" : "libnids-ipfragment-dos(57428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ip_evictor function in ip_fragment.c in libnids 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-5562", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038410.html" + }, + { + "name": "FEDORA-2010-5535", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038375.html" + }, + { + "name": "39225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39225" + }, + { + "name": "ADV-2010-0791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0791" + }, + { + "name": "FEDORA-2010-5545", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038388.html" + }, + { + "name": "39142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39142" + }, + { + "name": "ADV-2010-0777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0777" + }, + { + "name": "http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt", + "refsource": "CONFIRM", + "url": "http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt" + }, + { + "name": "http://xorl.wordpress.com/2010/04/04/libnids-ip-fragmentation-remote-null-pointer-dereference/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2010/04/04/libnids-ip-fragmentation-remote-null-pointer-dereference/" + }, + { + "name": "libnids-ipfragment-dos(57428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57428" + }, + { + "name": "39249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39249" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0845.json b/2010/0xxx/CVE-2010-0845.json index bc3148f221a..4fe6f580637 100644 --- a/2010/0xxx/CVE-2010-0845.json +++ b/2010/0xxx/CVE-2010-0845.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02524", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "SSRT100089", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "RHSA-2010:0337", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html" - }, - { - "name" : "RHSA-2010:0338", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html" - }, - { - "name" : "RHSA-2010:0339", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0339.html" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "USN-923-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-923-1" - }, - { - "name" : "oval:org.mitre.oval:def:9896", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9896" - }, - { - "name" : "oval:org.mitre.oval:def:14521", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14521" - }, - { - "name" : "39292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39292" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43308" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "oval:org.mitre.oval:def:9896", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9896" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "RHSA-2010:0338", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "43308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43308" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SSRT100089", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" + }, + { + "name": "RHSA-2010:0339", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" + }, + { + "name": "HPSBUX02524", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "39292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39292" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:14521", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14521" + }, + { + "name": "USN-923-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-923-1" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "RHSA-2010:0337", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2254.json b/2010/2xxx/CVE-2010-2254.json index 4a7785b2815..6795c14ca9d 100644 --- a/2010/2xxx/CVE-2010-2254.json +++ b/2010/2xxx/CVE-2010-2254.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10964", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10964" - }, - { - "name" : "http://packetstormsecurity.org/1001-exploits/joomlaboh-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/joomlaboh-sql.txt" - }, - { - "name" : "37602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37602" - }, - { - "name" : "ADV-2010-0019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1001-exploits/joomlaboh-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/joomlaboh-sql.txt" + }, + { + "name": "ADV-2010-0019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0019" + }, + { + "name": "10964", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10964" + }, + { + "name": "37602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37602" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3116.json b/2010/3xxx/CVE-2010-3116.json index 4c60d687dee..976163a9a66 100644 --- a/2010/3xxx/CVE-2010-3116.json +++ b/2010/3xxx/CVE-2010-3116.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=50515", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=50515" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=51835", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=51835" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html" - }, - { - "name" : "http://support.apple.com/kb/HT4455", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4455" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-11-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "44200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44200" - }, - { - "name" : "oval:org.mitre.oval:def:11909", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "http://support.apple.com/kb/HT4455", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4455" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:11909", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909" + }, + { + "name": "APPLE-SA-2010-11-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "44200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44200" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=51835", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=51835" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=50515", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=50515" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3388.json b/2010/3xxx/CVE-2010-3388.json index 96b679d1ce4..9e659b2e917 100644 --- a/2010/3xxx/CVE-2010-3388.json +++ b/2010/3xxx/CVE-2010-3388.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3388", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3388", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3754.json b/2010/3xxx/CVE-2010-3754.json index bca82c42636..d44f32daf1f 100644 --- a/2010/3xxx/CVE-2010-3754.json +++ b/2010/3xxx/CVE-2010-3754.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100929 ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514058/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-182/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-182/" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21443820", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21443820" - }, - { - "name" : "IC69883", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-182/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-182/" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21443820", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21443820" + }, + { + "name": "IC69883", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" + }, + { + "name": "20100929 ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514058/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3891.json b/2010/3xxx/CVE-2010-3891.json index 122977444eb..7b63696f38b 100644 --- a/2010/3xxx/CVE-2010-3891.json +++ b/2010/3xxx/CVE-2010-3891.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101109 IBM OmniFind - several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded" - }, - { - "name" : "15473", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15473" - }, - { - "name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", - "refsource" : "MISC", - "url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" - }, - { - "name" : "44740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44740" - }, - { - "name" : "69083", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69083" - }, - { - "name" : "ADV-2010-2933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69083", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69083" + }, + { + "name": "15473", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15473" + }, + { + "name": "20101109 IBM OmniFind - several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded" + }, + { + "name": "44740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44740" + }, + { + "name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", + "refsource": "MISC", + "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt" + }, + { + "name": "ADV-2010-2933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2933" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4557.json b/2010/4xxx/CVE-2010-4557.json index 086eaec37f6..265cda00735 100644 --- a/2010/4xxx/CVE-2010-4557.json +++ b/2010/4xxx/CVE-2010-4557.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15707", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15707" - }, - { - "name" : "http://aluigi.org/adv/inbatch_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/inbatch_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-348-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-348-01.pdf" - }, - { - "name" : "http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx", - "refsource" : "CONFIRM", - "url" : "http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx" - }, - { - "name" : "http://iom.invensys.com/EN/pdfLibrary/SecurityAlert_Invensys_SecurityAlert-LFSEC00000051_12-10.pdf", - "refsource" : "CONFIRM", - "url" : "http://iom.invensys.com/EN/pdfLibrary/SecurityAlert_Invensys_SecurityAlert-LFSEC00000051_12-10.pdf" - }, - { - "name" : "VU#647928", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/647928" - }, - { - "name" : "42528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42528" - }, - { - "name" : "ADV-2010-3244", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.org/adv/inbatch_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/inbatch_1-adv.txt" + }, + { + "name": "http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx", + "refsource": "CONFIRM", + "url": "http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx" + }, + { + "name": "15707", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15707" + }, + { + "name": "http://iom.invensys.com/EN/pdfLibrary/SecurityAlert_Invensys_SecurityAlert-LFSEC00000051_12-10.pdf", + "refsource": "CONFIRM", + "url": "http://iom.invensys.com/EN/pdfLibrary/SecurityAlert_Invensys_SecurityAlert-LFSEC00000051_12-10.pdf" + }, + { + "name": "42528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42528" + }, + { + "name": "ADV-2010-3244", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3244" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-348-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-348-01.pdf" + }, + { + "name": "VU#647928", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/647928" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4649.json b/2010/4xxx/CVE-2010-4649.json index 762e89867fa..7410563c51c 100644 --- a/2010/4xxx/CVE-2010-4649.json +++ b/2010/4xxx/CVE-2010-4649.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7182afea8d1afd432a17c18162cc3fd441d0da93", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7182afea8d1afd432a17c18162cc3fd441d0da93" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667916", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667916" - }, - { - "name" : "RHSA-2011:0927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0927.html" - }, - { - "name" : "46073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46073" + }, + { + "name": "RHSA-2011:0927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7182afea8d1afd432a17c18162cc3fd441d0da93", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7182afea8d1afd432a17c18162cc3fd441d0da93" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667916", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667916" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4899.json b/2010/4xxx/CVE-2010-4899.json index c02aebce991..31adc90df25 100644 --- a/2010/4xxx/CVE-2010-4899.json +++ b/2010/4xxx/CVE-2010-4899.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100902 Vulnerabilities in CMS WebManager-Pro", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513485/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/webmanagerpro-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/webmanagerpro-sql.txt" - }, - { - "name" : "http://websecurity.com.ua/4146/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/4146/" - }, - { - "name" : "42951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42951" - }, - { - "name" : "8438", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8438" - }, - { - "name" : "cmswebmanagerpro-c-sql-injection(61593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42951" + }, + { + "name": "8438", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8438" + }, + { + "name": "20100902 Vulnerabilities in CMS WebManager-Pro", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513485/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.org/1009-exploits/webmanagerpro-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/webmanagerpro-sql.txt" + }, + { + "name": "http://websecurity.com.ua/4146/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/4146/" + }, + { + "name": "cmswebmanagerpro-c-sql-injection(61593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61593" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0367.json b/2014/0xxx/CVE-2014-0367.json index 012e36205f5..51b20cf0b7c 100644 --- a/2014/0xxx/CVE-2014-0367.json +++ b/2014/0xxx/CVE-2014-0367.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64814" - }, - { - "name" : "102114", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102114" - }, - { - "name" : "56469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56469" + }, + { + "name": "102114", + "refsource": "OSVDB", + "url": "http://osvdb.org/102114" + }, + { + "name": "64814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64814" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3485.json b/2014/3xxx/CVE-2014-3485.json index 347c606174d..8b6eb45acd1 100644 --- a/2014/3xxx/CVE-2014-3485.json +++ b/2014/3xxx/CVE-2014-3485.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:0814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0814.html" - }, - { - "name" : "1030501", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030501", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030501" + }, + { + "name": "RHSA-2014:0814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0814.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4252.json b/2014/4xxx/CVE-2014-4252.json index 1c361d0e3ed..12f8e7429fe 100644 --- a/2014/4xxx/CVE-2014-4252.json +++ b/2014/4xxx/CVE-2014-4252.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" - }, - { - "name" : "DSA-2980", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2980" - }, - { - "name" : "DSA-2987", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2987" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "RHSA-2014:0902", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0902" - }, - { - "name" : "RHSA-2014:0908", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0908" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "68642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68642" - }, - { - "name" : "1030577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030577" - }, - { - "name" : "60245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60245" - }, - { - "name" : "60081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60081" - }, - { - "name" : "60317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60317" - }, - { - "name" : "61577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61577" - }, - { - "name" : "61640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61640" - }, - { - "name" : "59404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59404" - }, - { - "name" : "60817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60817" - }, - { - "name" : "60485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60485" - }, - { - "name" : "59985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59985" - }, - { - "name" : "59986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59986" - }, - { - "name" : "59924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59924" - }, - { - "name" : "59987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59987" - }, - { - "name" : "59680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59680" - }, - { - "name" : "60622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60622" - }, - { - "name" : "60129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60129" - }, - { - "name" : "60812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60812" - }, - { - "name" : "oracle-cpujul2014-cve20144252(94600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2987", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2987" + }, + { + "name": "60129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60129" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "DSA-2980", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2980" + }, + { + "name": "1030577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030577" + }, + { + "name": "59987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59987" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "oracle-cpujul2014-cve20144252(94600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94600" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "60812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60812" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "SUSE-SU-2015:0376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" + }, + { + "name": "59986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59986" + }, + { + "name": "68642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68642" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "60245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60245" + }, + { + "name": "60817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60817" + }, + { + "name": "59924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59924" + }, + { + "name": "61577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61577" + }, + { + "name": "RHSA-2014:0908", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0908" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "60485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60485" + }, + { + "name": "59680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59680" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334" + }, + { + "name": "60622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60622" + }, + { + "name": "60081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60081" + }, + { + "name": "RHSA-2014:0902", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0902" + }, + { + "name": "59985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59985" + }, + { + "name": "61640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61640" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "60317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60317" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + }, + { + "name": "59404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59404" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4426.json b/2014/4xxx/CVE-2014-4426.json index a3def46a38b..c715a40c5d4 100644 --- a/2014/4xxx/CVE-2014-4426.json +++ b/2014/4xxx/CVE-2014-4426.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "70623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70623" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144426-info-disc(97643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144426-info-disc(97643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97643" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "70623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70623" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4515.json b/2014/4xxx/CVE-2014-4515.json index 71d8e680379..e606be65442 100644 --- a/2014/4xxx/CVE-2014-4515.json +++ b/2014/4xxx/CVE-2014-4515.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-anyfont-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-anyfont-a3-cross-site-scripting-xss" - }, - { - "name" : "68314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68314" + }, + { + "name": "http://codevigilant.com/disclosure/wp-plugin-anyfont-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-anyfont-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4601.json b/2014/4xxx/CVE-2014-4601.json index f3437e45488..f35dc22ea92 100644 --- a/2014/4xxx/CVE-2014-4601.json +++ b/2014/4xxx/CVE-2014-4601.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wu-rating-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wu-rating-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wu-rating-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wu-rating-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4834.json b/2014/4xxx/CVE-2014-4834.json index 76b6b10060f..b8e8625fd75 100644 --- a/2014/4xxx/CVE-2014-4834.json +++ b/2014/4xxx/CVE-2014-4834.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685464", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685464" - }, - { - "name" : "JR49897", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49897" - }, - { - "name" : "JR50553", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50553" - }, - { - "name" : "70870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70870" - }, - { - "name" : "ibm-websphere-cve20144834-dos(95628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR50553", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50553" + }, + { + "name": "JR49897", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49897" + }, + { + "name": "ibm-websphere-cve20144834-dos(95628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95628" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685464", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685464" + }, + { + "name": "70870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70870" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4929.json b/2014/4xxx/CVE-2014-4929.json index 7a96106cc33..f887d19ec54 100644 --- a/2014/4xxx/CVE-2014-4929.json +++ b/2014/4xxx/CVE-2014-4929.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://advisories.mageia.org/MGASA-2014-0301.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0301.html" - }, - { - "name" : "http://owncloud.org/security/advisory/?id=oc-sa-2014-018", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/security/advisory/?id=oc-sa-2014-018" - }, - { - "name" : "MDVSA-2014:140", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:140" - }, - { - "name" : "68975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://advisories.mageia.org/MGASA-2014-0301.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0301.html" + }, + { + "name": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018", + "refsource": "CONFIRM", + "url": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018" + }, + { + "name": "MDVSA-2014:140", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:140" + }, + { + "name": "68975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68975" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8150.json b/2014/8xxx/CVE-2014-8150.json index 1f2c25f11c1..70c7eedf248 100644 --- a/2014/8xxx/CVE-2014-8150.json +++ b/2014/8xxx/CVE-2014-8150.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://curl.haxx.se/docs/adv_20150108B.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20150108B.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0020.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0020.html" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10131", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10131" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "DSA-3122", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3122" - }, - { - "name" : "FEDORA-2015-0415", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html" - }, - { - "name" : "FEDORA-2015-0418", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html" - }, - { - "name" : "FEDORA-2015-6853", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" - }, - { - "name" : "FEDORA-2015-6864", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" - }, - { - "name" : "GLSA-201701-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-47" - }, - { - "name" : "MDVSA-2015:021", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:021" - }, - { - "name" : "RHSA-2015:1254", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1254.html" - }, - { - "name" : "openSUSE-SU-2015:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html" - }, - { - "name" : "USN-2474-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2474-1" - }, - { - "name" : "71964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71964" - }, - { - "name" : "1032768", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032768" - }, - { - "name" : "61925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61925" - }, - { - "name" : "62075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62075" - }, - { - "name" : "62361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62361" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10131", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10131" + }, + { + "name": "FEDORA-2015-6853", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0020.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0020.html" + }, + { + "name": "71964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71964" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1032768", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032768" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "FEDORA-2015-0418", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html" + }, + { + "name": "http://curl.haxx.se/docs/adv_20150108B.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20150108B.html" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "RHSA-2015:1254", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1254.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743" + }, + { + "name": "openSUSE-SU-2015:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "FEDORA-2015-0415", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html" + }, + { + "name": "USN-2474-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2474-1" + }, + { + "name": "GLSA-201701-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-47" + }, + { + "name": "FEDORA-2015-6864", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" + }, + { + "name": "MDVSA-2015:021", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:021" + }, + { + "name": "62075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62075" + }, + { + "name": "DSA-3122", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3122" + }, + { + "name": "61925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61925" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8344.json b/2014/8xxx/CVE-2014-8344.json index 33c898effa2..df5e1f8305f 100644 --- a/2014/8xxx/CVE-2014-8344.json +++ b/2014/8xxx/CVE-2014-8344.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8344", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8344", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8390.json b/2014/8xxx/CVE-2014-8390.json index 1a93f21ebf4..813eaad29c6 100644 --- a/2014/8xxx/CVE-2014-8390.json +++ b/2014/8xxx/CVE-2014-8390.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150330 [CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535142/100/0/threaded" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-092-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-092-01" - }, - { - "name" : "http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow" - }, - { - "name" : "http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-084-01", - "refsource" : "CONFIRM", - "url" : "http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-084-01" - }, - { - "name" : "73405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150330 [CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535142/100/0/threaded" + }, + { + "name": "73405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73405" + }, + { + "name": "http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-092-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-092-01" + }, + { + "name": "http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-084-01", + "refsource": "CONFIRM", + "url": "http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-084-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9478.json b/2014/9xxx/CVE-2014-9478.json index 8fe06b9c353..2279dff4dba 100644 --- a/2014/9xxx/CVE-2014-9478.json +++ b/2014/9xxx/CVE-2014-9478.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-9478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" - }, - { - "name" : "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/21/2" - }, - { - "name" : "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/13" - }, - { - "name" : "https://phabricator.wikimedia.org/T73111", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T73111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13" + }, + { + "name": "https://phabricator.wikimedia.org/T73111", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T73111" + }, + { + "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2" + }, + { + "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9731.json b/2014/9xxx/CVE-2014-9731.json index 7a7323341f1..dd418f8ad75 100644 --- a/2014/9xxx/CVE-2014-9731.json +++ b/2014/9xxx/CVE-2014-9731.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \\0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150603 CVE request Linux kernel: udf: information leakage when reading symlink", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/03/4" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228220", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1228220" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "SUSE-SU-2015:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1611", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1224", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "75001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \\0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "SUSE-SU-2015:1611", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14" + }, + { + "name": "SUSE-SU-2015:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228220", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228220" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14" + }, + { + "name": "SUSE-SU-2015:1224", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" + }, + { + "name": "SUSE-SU-2015:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" + }, + { + "name": "[oss-security] 20150603 CVE request Linux kernel: udf: information leakage when reading symlink", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/03/4" + }, + { + "name": "75001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75001" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9936.json b/2014/9xxx/CVE-2014-9936.json index fd15b1704da..8d437c2996d 100644 --- a/2014/9xxx/CVE-2014-9936.json +++ b/2014/9xxx/CVE-2014-9936.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm Products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Time-of-check Time-of-use Race Condition in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm Products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97329" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Time-of-check Time-of-use Race Condition in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97329" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9978.json b/2014/9xxx/CVE-2014-9978.json index ed75cc5ed22..51400335506 100644 --- a/2014/9xxx/CVE-2014-9978.json +++ b/2014/9xxx/CVE-2014-9978.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2014-9978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2014-9978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99467" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2285.json b/2016/2xxx/CVE-2016-2285.json index 06857817388..db2d58e92eb 100644 --- a/2016/2xxx/CVE-2016-2285.json +++ b/2016/2xxx/CVE-2016-2285.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160503 Moxa MiiNePort - Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/May/7" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160503 Moxa MiiNePort - Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/May/7" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2673.json b/2016/2xxx/CVE-2016-2673.json index 66d8746f7bf..920943ec679 100644 --- a/2016/2xxx/CVE-2016-2673.json +++ b/2016/2xxx/CVE-2016-2673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2673", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2673", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2966.json b/2016/2xxx/CVE-2016-2966.json index 0a549f8739a..10b62170bed 100644 --- a/2016/2xxx/CVE-2016-2966.json +++ b/2016/2xxx/CVE-2016-2966.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-25T00:00:00", - "ID" : "CVE-2016-2966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-25T00:00:00", + "ID": "CVE-2016-2966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113847", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113847" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441" - }, - { - "name" : "100572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006441", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006441" + }, + { + "name": "100572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100572" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113847", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113847" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3017.json b/2016/3xxx/CVE-2016-3017.json index f99be0035bb..6f031fefe34 100644 --- a/2016/3xxx/CVE-2016-3017.json +++ b/2016/3xxx/CVE-2016-3017.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "7.0.0" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "7.0.0" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21995519", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21995519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21995519", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21995519" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3036.json b/2016/3xxx/CVE-2016-3036.json index bcc718bc6bb..7f05ac1482a 100644 --- a/2016/3xxx/CVE-2016-3036.json +++ b/2016/3xxx/CVE-2016-3036.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos TM1", - "version" : { - "version_data" : [ - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.2.0.2" - }, - { - "version_value" : "10.2.2" - }, - { - "version_value" : "10.1.1.2" - }, - { - "version_value" : "10.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos TM1", + "version": { + "version_data": [ + { + "version_value": "10.1" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.2.0.2" + }, + { + "version_value": "10.2.2" + }, + { + "version_value": "10.1.1.2" + }, + { + "version_value": "10.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999649", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999649" - }, - { - "name" : "97918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 114612." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999649", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999649" + }, + { + "name": "97918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97918" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3066.json b/2016/3xxx/CVE-2016-3066.json index 946bd42109b..bf8bb356c62 100644 --- a/2016/3xxx/CVE-2016-3066.json +++ b/2016/3xxx/CVE-2016-3066.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1320263", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1320263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1320263", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320263" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3561.json b/2016/3xxx/CVE-2016-3561.json index d575640ad57..4d2d14b722f 100644 --- a/2016/3xxx/CVE-2016-3561.json +++ b/2016/3xxx/CVE-2016-3561.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91965" - }, - { - "name" : "1036402", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036402", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036402" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91965" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3769.json b/2016/3xxx/CVE-2016-3769.json index 5a244795c07..217f5ebef9e 100644 --- a/2016/3xxx/CVE-2016-3769.json +++ b/2016/3xxx/CVE-2016-3769.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3992.json b/2016/3xxx/CVE-2016-3992.json index 3bd3cb42dcc..c1a6446fbab 100644 --- a/2016/3xxx/CVE-2016-3992.json +++ b/2016/3xxx/CVE-2016-3992.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160410 CVE request: cronic - predictable temporary files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/09/4" - }, - { - "name" : "[oss-security] 20160410 Re: CVE request: cronic - predictable temporary files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/10/2" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331" - }, - { - "name" : "openSUSE-SU-2016:1741", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00013.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160410 CVE request: cronic - predictable temporary files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/09/4" + }, + { + "name": "[oss-security] 20160410 Re: CVE request: cronic - predictable temporary files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/10/2" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331" + }, + { + "name": "openSUSE-SU-2016:1741", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6073.json b/2016/6xxx/CVE-2016-6073.json index f85618f1810..99e17b25c3d 100644 --- a/2016/6xxx/CVE-2016-6073.json +++ b/2016/6xxx/CVE-2016-6073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6367.json b/2016/6xxx/CVE-2016-6367.json index 29a7fb395ee..3e615e6dee1 100644 --- a/2016/6xxx/CVE-2016-6367.json +++ b/2016/6xxx/CVE-2016-6367.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40271", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40271/" - }, - { - "name" : "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip", - "refsource" : "MISC", - "url" : "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip" - }, - { - "name" : "http://blogs.cisco.com/security/shadow-brokers", - "refsource" : "CONFIRM", - "url" : "http://blogs.cisco.com/security/shadow-brokers" - }, - { - "name" : "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516" - }, - { - "name" : "20160817 Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli" - }, - { - "name" : "92520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92520" - }, - { - "name" : "1036636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160817 Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli" + }, + { + "name": "40271", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40271/" + }, + { + "name": "http://blogs.cisco.com/security/shadow-brokers", + "refsource": "CONFIRM", + "url": "http://blogs.cisco.com/security/shadow-brokers" + }, + { + "name": "1036636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036636" + }, + { + "name": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516" + }, + { + "name": "92520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92520" + }, + { + "name": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip", + "refsource": "MISC", + "url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6460.json b/2016/6xxx/CVE-2016-6460.json index 4506acd25af..a81a7e6ae62 100644 --- a/2016/6xxx/CVE-2016-6460.json +++ b/2016/6xxx/CVE-2016-6460.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower System Software 5.4.0.2 through 6.2.0", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower System Software 5.4.0.2 through 6.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower System Software 5.4.0.2 through 6.2.0", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower System Software 5.4.0.2 through 6.2.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss" - }, - { - "name" : "94359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94359" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6543.json b/2016/6xxx/CVE-2016-6543.json index 2ef56a4cb48..874a60e72ce 100644 --- a/2016/6xxx/CVE-2016-6543.json +++ b/2016/6xxx/CVE-2016-6543.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6543", - "STATE" : "PUBLIC", - "TITLE" : "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Easy", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "iTrack" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-799: Improper Control of Interaction Frequency" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6543", + "STATE": "PUBLIC", + "TITLE": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "iTrack" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" - }, - { - "name" : "VU#974055", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/974055" - }, - { - "name" : "93875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93875" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-799: Improper Control of Interaction Frequency" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#974055", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/974055" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + }, + { + "name": "93875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93875" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6748.json b/2016/6xxx/CVE-2016-6748.json index 5dae84a509e..7f5bc0a67f4 100644 --- a/2016/6xxx/CVE-2016-6748.json +++ b/2016/6xxx/CVE-2016-6748.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "94139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94139" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7109.json b/2016/7xxx/CVE-2016-7109.json index f0cbacb1232..e367b99270c 100644 --- a/2016/7xxx/CVE-2016-7109.json +++ b/2016/7xxx/CVE-2016-7109.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en" - }, - { - "name" : "92617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7110." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92617" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7141.json b/2016/7xxx/CVE-2016-7141.json index 4611ed1fa6a..7bd2753edc0 100644 --- a/2016/7xxx/CVE-2016-7141.json +++ b/2016/7xxx/CVE-2016-7141.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373229" - }, - { - "name" : "https://curl.haxx.se/docs/adv_20160907.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20160907.html" - }, - { - "name" : "https://github.com/curl/curl/commit/curl-7_50_2~32", - "refsource" : "CONFIRM", - "url" : "https://github.com/curl/curl/commit/curl-7_50_2~32" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "GLSA-201701-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-47" - }, - { - "name" : "RHSA-2016:2575", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2575.html" - }, - { - "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "openSUSE-SU-2016:2379", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html" - }, - { - "name" : "92754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92754" - }, - { - "name" : "1036739", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2575", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2575.html" + }, + { + "name": "https://curl.haxx.se/docs/adv_20160907.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20160907.html" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373229" + }, + { + "name": "1036739", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036739" + }, + { + "name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" + }, + { + "name": "https://github.com/curl/curl/commit/curl-7_50_2~32", + "refsource": "CONFIRM", + "url": "https://github.com/curl/curl/commit/curl-7_50_2~32" + }, + { + "name": "openSUSE-SU-2016:2379", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "92754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92754" + }, + { + "name": "GLSA-201701-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-47" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7377.json b/2016/7xxx/CVE-2016-7377.json index 4d84175eb0e..e50ae461c2c 100644 --- a/2016/7xxx/CVE-2016-7377.json +++ b/2016/7xxx/CVE-2016-7377.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7377", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7377", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7894.json b/2016/7xxx/CVE-2016-7894.json index 0f25f84834d..b8dc500d472 100644 --- a/2016/7xxx/CVE-2016-7894.json +++ b/2016/7xxx/CVE-2016-7894.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7894", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7894", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file