From cc24100290efee941ad57c1ff6c22e6ee23adbe5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:02:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0385.json | 34 ++-- 2006/0xxx/CVE-2006-0449.json | 170 ++++++++-------- 2006/0xxx/CVE-2006-0548.json | 170 ++++++++-------- 2006/1xxx/CVE-2006-1295.json | 160 +++++++-------- 2006/1xxx/CVE-2006-1444.json | 190 +++++++++--------- 2006/1xxx/CVE-2006-1572.json | 180 ++++++++--------- 2006/1xxx/CVE-2006-1812.json | 150 +++++++------- 2006/1xxx/CVE-2006-1934.json | 370 +++++++++++++++++----------------- 2006/4xxx/CVE-2006-4203.json | 160 +++++++-------- 2006/4xxx/CVE-2006-4657.json | 180 ++++++++--------- 2006/4xxx/CVE-2006-4699.json | 34 ++-- 2006/4xxx/CVE-2006-4802.json | 170 ++++++++-------- 2006/5xxx/CVE-2006-5939.json | 160 +++++++-------- 2010/0xxx/CVE-2010-0231.json | 140 ++++++------- 2010/0xxx/CVE-2010-0894.json | 180 ++++++++--------- 2010/2xxx/CVE-2010-2031.json | 150 +++++++------- 2010/2xxx/CVE-2010-2232.json | 140 ++++++------- 2010/2xxx/CVE-2010-2606.json | 34 ++-- 2010/3xxx/CVE-2010-3018.json | 120 +++++------ 2010/3xxx/CVE-2010-3162.json | 140 ++++++------- 2010/3xxx/CVE-2010-3740.json | 140 ++++++------- 2010/3xxx/CVE-2010-3839.json | 250 +++++++++++------------ 2010/4xxx/CVE-2010-4064.json | 34 ++-- 2010/4xxx/CVE-2010-4409.json | 310 ++++++++++++++-------------- 2010/4xxx/CVE-2010-4579.json | 170 ++++++++-------- 2010/4xxx/CVE-2010-4694.json | 300 +++++++++++++-------------- 2011/5xxx/CVE-2011-5232.json | 34 ++-- 2014/3xxx/CVE-2014-3186.json | 230 ++++++++++----------- 2014/3xxx/CVE-2014-3292.json | 150 +++++++------- 2014/3xxx/CVE-2014-3563.json | 150 +++++++------- 2014/3xxx/CVE-2014-3662.json | 130 ++++++------ 2014/4xxx/CVE-2014-4791.json | 34 ++-- 2014/8xxx/CVE-2014-8197.json | 34 ++-- 2014/8xxx/CVE-2014-8468.json | 34 ++-- 2014/8xxx/CVE-2014-8885.json | 34 ++-- 2014/9xxx/CVE-2014-9057.json | 150 +++++++------- 2014/9xxx/CVE-2014-9633.json | 140 ++++++------- 2014/9xxx/CVE-2014-9805.json | 140 ++++++------- 2014/9xxx/CVE-2014-9861.json | 34 ++-- 2016/2xxx/CVE-2016-2184.json | 380 +++++++++++++++++------------------ 2016/2xxx/CVE-2016-2321.json | 34 ++-- 2016/2xxx/CVE-2016-2406.json | 120 +++++------ 2016/2xxx/CVE-2016-2552.json | 34 ++-- 2016/2xxx/CVE-2016-2654.json | 34 ++-- 2016/3xxx/CVE-2016-3132.json | 160 +++++++-------- 2016/6xxx/CVE-2016-6193.json | 130 ++++++------ 2016/6xxx/CVE-2016-6313.json | 220 ++++++++++---------- 2016/6xxx/CVE-2016-6506.json | 170 ++++++++-------- 2016/6xxx/CVE-2016-6777.json | 140 ++++++------- 2016/6xxx/CVE-2016-6925.json | 160 +++++++-------- 2016/6xxx/CVE-2016-6979.json | 140 ++++++------- 2016/7xxx/CVE-2016-7252.json | 140 ++++++------- 2016/7xxx/CVE-2016-7660.json | 170 ++++++++-------- 2016/7xxx/CVE-2016-7968.json | 130 ++++++------ 54 files changed, 3846 insertions(+), 3846 deletions(-) diff --git a/2006/0xxx/CVE-2006-0385.json b/2006/0xxx/CVE-2006-0385.json index 6a3d68cefe2..401eb03fdff 100644 --- a/2006/0xxx/CVE-2006-0385.json +++ b/2006/0xxx/CVE-2006-0385.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0385", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0385", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0449.json b/2006/0xxx/CVE-2006-0449.json index 860e504182b..59b134e43ea 100644 --- a/2006/0xxx/CVE-2006-0449.json +++ b/2006/0xxx/CVE-2006-0449.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-1/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-1/advisory/" - }, - { - "name" : "16379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16379" - }, - { - "name" : "ADV-2006-0318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0318" - }, - { - "name" : "22766", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22766" - }, - { - "name" : "18480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18480" - }, - { - "name" : "epost-imap-append-dos(24341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0318" + }, + { + "name": "http://secunia.com/secunia_research/2006-1/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-1/advisory/" + }, + { + "name": "22766", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22766" + }, + { + "name": "epost-imap-append-dos(24341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24341" + }, + { + "name": "18480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18480" + }, + { + "name": "16379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16379" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0548.json b/2006/0xxx/CVE-2006-0548.json index ec1170563d5..58e91f96d5f 100644 --- a/2006/0xxx/CVE-2006-0548.json +++ b/2006/0xxx/CVE-2006-0548.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html", - "refsource" : "MISC", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" - }, - { - "name" : "TA06-018A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" - }, - { - "name" : "VU#150332", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/150332" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf" + }, + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html" + }, + { + "name": "VU#150332", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/150332" + }, + { + "name": "TA06-018A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-018A.html" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html", + "refsource": "MISC", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1295.json b/2006/1xxx/CVE-2006-1295.json index a9dc81ed6b0..32092365b6c 100644 --- a/2006/1xxx/CVE-2006-1295.json +++ b/2006/1xxx/CVE-2006-1295.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.silitix.com/spip-xss.html", - "refsource" : "MISC", - "url" : "http://www.silitix.com/spip-xss.html" - }, - { - "name" : "http://www.zone-h.fr/advisories/read/id=1105", - "refsource" : "MISC", - "url" : "http://www.zone-h.fr/advisories/read/id=1105" - }, - { - "name" : "http://zone.spip.org/trac/spip-zone/changeset/1672", - "refsource" : "CONFIRM", - "url" : "http://zone.spip.org/trac/spip-zone/changeset/1672" - }, - { - "name" : "17130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17130" - }, - { - "name" : "spip-research-xss(25389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zone-h.fr/advisories/read/id=1105", + "refsource": "MISC", + "url": "http://www.zone-h.fr/advisories/read/id=1105" + }, + { + "name": "17130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17130" + }, + { + "name": "http://www.silitix.com/spip-xss.html", + "refsource": "MISC", + "url": "http://www.silitix.com/spip-xss.html" + }, + { + "name": "spip-research-xss(25389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25389" + }, + { + "name": "http://zone.spip.org/trac/spip-zone/changeset/1672", + "refsource": "CONFIRM", + "url": "http://zone.spip.org/trac/spip-zone/changeset/1672" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1444.json b/2006/1xxx/CVE-2006-1444.json index 0d0481297ac..15e1780486a 100644 --- a/2006/1xxx/CVE-2006-1444.json +++ b/2006/1xxx/CVE-2006-1444.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreGraphics in Apple Mac OS X 10.4.6, when \"Enable access for assistive devices\" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "25588", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25588" - }, - { - "name" : "1016079", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016079" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : "macos-coregraphics-quartz-security-bypass(26409)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreGraphics in Apple Mac OS X 10.4.6, when \"Enable access for assistive devices\" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "1016079", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016079" + }, + { + "name": "25588", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25588" + }, + { + "name": "macos-coregraphics-quartz-security-bypass(26409)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26409" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1572.json b/2006/1xxx/CVE-2006-1572.json index bd5ac6fa11c..e52ffe5e495 100644 --- a/2006/1xxx/CVE-2006-1572.json +++ b/2006/1xxx/CVE-2006-1572.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060330 Oxygen<=1.x.x SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429474/100/0/threaded" - }, - { - "name" : "17324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17324" - }, - { - "name" : "ADV-2006-1181", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1181" - }, - { - "name" : "24287", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24287" - }, - { - "name" : "19481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19481" - }, - { - "name" : "658", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/658" - }, - { - "name" : "oxygen-post-sql-injection(25570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060330 Oxygen<=1.x.x SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429474/100/0/threaded" + }, + { + "name": "658", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/658" + }, + { + "name": "19481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19481" + }, + { + "name": "24287", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24287" + }, + { + "name": "oxygen-post-sql-injection(25570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25570" + }, + { + "name": "ADV-2006-1181", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1181" + }, + { + "name": "17324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17324" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1812.json b/2006/1xxx/CVE-2006-1812.json index 1a4ec95803b..462f6b5856c 100644 --- a/2006/1xxx/CVE-2006-1812.json +++ b/2006/1xxx/CVE-2006-1812.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060417 PhpWebFTP 3.2 Login Script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431115/100/0/threaded" - }, - { - "name" : "17557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17557" - }, - { - "name" : "19706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19706" - }, - { - "name" : "phpwebftp-scriptjs-obtain-information(25921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17557" + }, + { + "name": "phpwebftp-scriptjs-obtain-information(25921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25921" + }, + { + "name": "19706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19706" + }, + { + "name": "20060417 PhpWebFTP 3.2 Login Script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431115/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1934.json b/2006/1xxx/CVE-2006-1934.json index 9f0a594efbc..4dce7e045b3 100644 --- a/2006/1xxx/CVE-2006-1934.json +++ b/2006/1xxx/CVE-2006-1934.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm" - }, - { - "name" : "DSA-1049", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1049" - }, - { - "name" : "FEDORA-2006-456", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html" - }, - { - "name" : "FEDORA-2006-461", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html" - }, - { - "name" : "GLSA-200604-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml" - }, - { - "name" : "MDKSA-2006:077", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077" - }, - { - "name" : "RHSA-2006:0420", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0420.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "SUSE-SR:2006:010", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" - }, - { - "name" : "17682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17682" - }, - { - "name" : "oval:org.mitre.oval:def:10445", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10445" - }, - { - "name" : "ADV-2006-1501", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1501" - }, - { - "name" : "1015985", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015985" - }, - { - "name" : "19769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19769" - }, - { - "name" : "19805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19805" - }, - { - "name" : "19828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19828" - }, - { - "name" : "19839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19839" - }, - { - "name" : "19958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19958" - }, - { - "name" : "19962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19962" - }, - { - "name" : "20117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20117" - }, - { - "name" : "20944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20944" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "ethereal-alcap-dissector-bo(26014)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26014" - }, - { - "name" : "ethereal-net-instr-bo(26026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26026" - }, - { - "name" : "ethereal-netxwin-sniffer-bo(26027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ethereal-net-instr-bo(26026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26026" + }, + { + "name": "19828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19828" + }, + { + "name": "19839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19839" + }, + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "ethereal-alcap-dissector-bo(26014)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26014" + }, + { + "name": "FEDORA-2006-456", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html" + }, + { + "name": "MDKSA-2006:077", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00023.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00023.html" + }, + { + "name": "19769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19769" + }, + { + "name": "19962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19962" + }, + { + "name": "FEDORA-2006-461", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html" + }, + { + "name": "1015985", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015985" + }, + { + "name": "GLSA-200604-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml" + }, + { + "name": "ADV-2006-1501", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1501" + }, + { + "name": "DSA-1049", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1049" + }, + { + "name": "19805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19805" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "SUSE-SR:2006:010", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" + }, + { + "name": "oval:org.mitre.oval:def:10445", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10445" + }, + { + "name": "20117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20117" + }, + { + "name": "17682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17682" + }, + { + "name": "20944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20944" + }, + { + "name": "ethereal-netxwin-sniffer-bo(26027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26027" + }, + { + "name": "RHSA-2006:0420", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0420.html" + }, + { + "name": "19958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19958" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4203.json b/2006/4xxx/CVE-2006-4203.json index d2b389c8a35..d23fd4c8c40 100644 --- a/2006/4xxx/CVE-2006-4203.json +++ b/2006/4xxx/CVE-2006-4203.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2182", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2182" - }, - { - "name" : "19502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19502" - }, - { - "name" : "ADV-2006-3278", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3278" - }, - { - "name" : "21479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21479" - }, - { - "name" : "commmp-help-file-include(28361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3278", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3278" + }, + { + "name": "19502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19502" + }, + { + "name": "21479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21479" + }, + { + "name": "2182", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2182" + }, + { + "name": "commmp-help-file-include(28361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28361" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4657.json b/2006/4xxx/CVE-2006-4657.json index df92883fcd4..895a7f6e899 100644 --- a/2006/4xxx/CVE-2006-4657.json +++ b/2006/4xxx/CVE-2006-4657.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445479/100/0/threaded" - }, - { - "name" : "20060913 Re: SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445889/100/0/threaded" - }, - { - "name" : "http://www.security.nnov.ru/advisories/pandais.asp", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/advisories/pandais.asp" - }, - { - "name" : "19891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19891" - }, - { - "name" : "ADV-2006-3514", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3514" - }, - { - "name" : "21769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21769" - }, - { - "name" : "1524", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1524", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1524" + }, + { + "name": "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded" + }, + { + "name": "19891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19891" + }, + { + "name": "http://www.security.nnov.ru/advisories/pandais.asp", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/advisories/pandais.asp" + }, + { + "name": "20060913 Re: SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445889/100/0/threaded" + }, + { + "name": "ADV-2006-3514", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3514" + }, + { + "name": "21769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21769" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4699.json b/2006/4xxx/CVE-2006-4699.json index c180b8eadc1..bf82647d238 100644 --- a/2006/4xxx/CVE-2006-4699.json +++ b/2006/4xxx/CVE-2006-4699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4699", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-4699", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4802.json b/2006/4xxx/CVE-2006-4802.json index b36c8da20f4..a2479b6df37 100644 --- a/2006/4xxx/CVE-2006-4802.json +++ b/2006/4xxx/CVE-2006-4802.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a \"second format string vulnerability\" as found by the vendor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446293/100/0/threaded" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html" - }, - { - "name" : "19986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19986" - }, - { - "name" : "1016842", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016842" - }, - { - "name" : "21884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21884" - }, - { - "name" : "symantecantivirus-alert-dos(28937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a \"second format string vulnerability\" as found by the vendor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016842", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016842" + }, + { + "name": "symantecantivirus-alert-dos(28937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28937" + }, + { + "name": "19986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19986" + }, + { + "name": "21884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21884" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html" + }, + { + "name": "20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5939.json b/2006/5xxx/CVE-2006-5939.json index 7ab7ec8715f..871334e65b6 100644 --- a/2006/5xxx/CVE-2006-5939.json +++ b/2006/5xxx/CVE-2006-5939.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 AVG Anti-Virus - Arbitrary Code Execution (remote)", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=116343152030074&w=2" - }, - { - "name" : "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01", - "refsource" : "CONFIRM", - "url" : "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01" - }, - { - "name" : "ADV-2006-4498", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4498" - }, - { - "name" : "22811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22811" - }, - { - "name" : "avg-doc-dos(30247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "avg-doc-dos(30247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30247" + }, + { + "name": "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01", + "refsource": "CONFIRM", + "url": "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01" + }, + { + "name": "20061113 AVG Anti-Virus - Arbitrary Code Execution (remote)", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116343152030074&w=2" + }, + { + "name": "ADV-2006-4498", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4498" + }, + { + "name": "22811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22811" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0231.json b/2010/0xxx/CVE-2010-0231.json index a86557bf60c..e9450891161 100644 --- a/2010/0xxx/CVE-2010-0231.json +++ b/2010/0xxx/CVE-2010-0231.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain \"duplicate values,\" and spoofing of an authentication token, aka \"SMB NTLM Authentication Lack of Entropy Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7751", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain \"duplicate values,\" and spoofing of an authentication token, aka \"SMB NTLM Authentication Lack of Entropy Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7751", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7751" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "MS10-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0894.json b/2010/0xxx/CVE-2010-0894.json index 2d56e6a2e99..9fe537d5213 100644 --- a/2010/0xxx/CVE-2010-0894.json +++ b/2010/0xxx/CVE-2010-0894.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "267568", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267568-1" - }, - { - "name" : "1020934", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020934.1-1" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "39457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39457" - }, - { - "name" : "39431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39431" - }, - { - "name" : "osps-sjsa-unspecified(57750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "39431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39431" + }, + { + "name": "267568", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267568-1" + }, + { + "name": "39457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39457" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "1020934", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020934.1-1" + }, + { + "name": "osps-sjsa-unspecified(57750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57750" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2031.json b/2010/2xxx/CVE-2010-2031.json index 47063759b33..48069e60930 100644 --- a/2010/2xxx/CVE-2010-2031.json +++ b/2010/2xxx/CVE-2010-2031.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12710", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12710" - }, - { - "name" : "40342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40342" - }, - { - "name" : "39916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39916" - }, - { - "name" : "webshield-kavsafe-privilege-escalation(58780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40342" + }, + { + "name": "webshield-kavsafe-privilege-escalation(58780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58780" + }, + { + "name": "39916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39916" + }, + { + "name": "12710", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12710" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2232.json b/2010/2xxx/CVE-2010-2232.json index f6338104d88..e8808009cb4 100644 --- a/2010/2xxx/CVE-2010-2232.json +++ b/2010/2xxx/CVE-2010-2232.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2010-2232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Derby", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2010-2232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Derby", + "version": { + "version_data": [ + { + "version_value": "10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925", - "refsource" : "CONFIRM", - "url" : "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925" - }, - { - "name" : "https://issues.apache.org/jira/browse/DERBY-2925", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/DERBY-2925" - }, - { - "name" : "101562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/DERBY-2925", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/DERBY-2925" + }, + { + "name": "101562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101562" + }, + { + "name": "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925", + "refsource": "CONFIRM", + "url": "http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2606.json b/2010/2xxx/CVE-2010-2606.json index cb0e297aeeb..e8569dbae2f 100644 --- a/2010/2xxx/CVE-2010-2606.json +++ b/2010/2xxx/CVE-2010-2606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3018.json b/2010/3xxx/CVE-2010-3018.json index 9e7d8e6de47..9d146341cd8 100644 --- a/2010/3xxx/CVE-2010-3018.json +++ b/2010/3xxx/CVE-2010-3018.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2010-3018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100908 ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-09/0056.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100908 ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0056.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3162.json b/2010/3xxx/CVE-2010-3162.json index 2fd5da14f0e..2afdd058e84 100644 --- a/2010/3xxx/CVE-2010-3162.json +++ b/2010/3xxx/CVE-2010-3162.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.venus.dti.ne.jp/mw31/apsaly/Vulnerability.html", - "refsource" : "CONFIRM", - "url" : "http://www.venus.dti.ne.jp/mw31/apsaly/Vulnerability.html" - }, - { - "name" : "JVN#71138390", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71138390/index.html" - }, - { - "name" : "JVNDB-2010-000046", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000046.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Apsaly before 3.74 allows local users to gain privileges via a Trojan horse executable file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#71138390", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71138390/index.html" + }, + { + "name": "JVNDB-2010-000046", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000046.html" + }, + { + "name": "http://www.venus.dti.ne.jp/mw31/apsaly/Vulnerability.html", + "refsource": "CONFIRM", + "url": "http://www.venus.dti.ne.jp/mw31/apsaly/Vulnerability.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3740.json b/2010/3xxx/CVE-2010-3740.json index 00a4751e1a0..b5fa0789507 100644 --- a/2010/3xxx/CVE-2010-3740.json +++ b/2010/3xxx/CVE-2010-3740.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IC66613", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613" - }, - { - "name" : "oval:org.mitre.oval:def:13811", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "IC66613", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613" + }, + { + "name": "oval:org.mitre.oval:def:13811", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3839.json b/2010/3xxx/CVE-2010-3839.json index 168948f0105..48da836063b 100644 --- a/2010/3xxx/CVE-2010-3839.json +++ b/2010/3xxx/CVE-2010-3839.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.mysql.com/bug.php?id=53544", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=53544" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640861", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640861" - }, - { - "name" : "MDVSA-2010:222", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" - }, - { - "name" : "MDVSA-2010:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" - }, - { - "name" : "RHSA-2010:0825", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html" - }, - { - "name" : "RHSA-2011:0164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html" - }, - { - "name" : "USN-1017-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1017-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "43676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43676" - }, - { - "name" : "42936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42936" - }, - { - "name" : "ADV-2011-0170", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0170" - }, - { - "name" : "mysql-invocations-dos(64839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "USN-1017-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1017-1" + }, + { + "name": "MDVSA-2010:222", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" + }, + { + "name": "RHSA-2011:0164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html" + }, + { + "name": "ADV-2011-0170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0170" + }, + { + "name": "43676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43676" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=53544", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=53544" + }, + { + "name": "42936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42936" + }, + { + "name": "RHSA-2010:0825", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html" + }, + { + "name": "mysql-invocations-dos(64839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64839" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640861", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640861" + }, + { + "name": "MDVSA-2010:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4064.json b/2010/4xxx/CVE-2010-4064.json index 5c5b93dc23a..a7ef176c6d9 100644 --- a/2010/4xxx/CVE-2010-4064.json +++ b/2010/4xxx/CVE-2010-4064.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4064", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4064", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4409.json b/2010/4xxx/CVE-2010-4409.json index 55b4957645f..b60cb14be26 100644 --- a/2010/4xxx/CVE-2010-4409.json +++ b/2010/4xxx/CVE-2010-4409.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515142/100/0/threaded" - }, - { - "name" : "15722", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15722" - }, - { - "name" : "http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/formatter/formatter_attr.c?r1=305571&r2=305570&pathrev=305571", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/formatter/formatter_attr.c?r1=305571&r2=305570&pathrev=305571" - }, - { - "name" : "http://svn.php.net/viewvc?view=revision&revision=305571", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc?view=revision&revision=305571" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "FEDORA-2010-18976", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" - }, - { - "name" : "FEDORA-2010-19011", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" - }, - { - "name" : "MDVSA-2010:255", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:255" - }, - { - "name" : "MDVSA-2010:254", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:254" - }, - { - "name" : "openSUSE-SU-2012:0100", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html" - }, - { - "name" : "USN-1042-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1042-1" - }, - { - "name" : "VU#479900", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/479900" - }, - { - "name" : "45119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45119" - }, - { - "name" : "42812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42812" - }, - { - "name" : "47674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47674" - }, - { - "name" : "ADV-2011-0020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0020" - }, - { - "name" : "ADV-2011-0021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0021" - }, - { - "name" : "ADV-2011-0077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.php.net/viewvc?view=revision&revision=305571", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc?view=revision&revision=305571" + }, + { + "name": "ADV-2011-0077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0077" + }, + { + "name": "47674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47674" + }, + { + "name": "FEDORA-2010-19011", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" + }, + { + "name": "42812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42812" + }, + { + "name": "MDVSA-2010:255", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:255" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "USN-1042-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1042-1" + }, + { + "name": "ADV-2011-0021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0021" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "openSUSE-SU-2012:0100", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html" + }, + { + "name": "20101210 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515142/100/0/threaded" + }, + { + "name": "MDVSA-2010:254", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:254" + }, + { + "name": "15722", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15722" + }, + { + "name": "FEDORA-2010-18976", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" + }, + { + "name": "ADV-2011-0020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0020" + }, + { + "name": "http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/formatter/formatter_attr.c?r1=305571&r2=305570&pathrev=305571", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/formatter/formatter_attr.c?r1=305571&r2=305570&pathrev=305571" + }, + { + "name": "45119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45119" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + }, + { + "name": "VU#479900", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/479900" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4579.json b/2010/4xxx/CVE-2010-4579.json index f16212e0e94..8015f505237 100644 --- a/2010/4xxx/CVE-2010-4579.json +++ b/2010/4xxx/CVE-2010-4579.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1100/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1100/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1100/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1100/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1100/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1100/" - }, - { - "name" : "http://www.opera.com/support/kb/view/977/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/977/" - }, - { - "name" : "SUSE-SR:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" - }, - { - "name" : "42653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/977/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/977/" + }, + { + "name": "42653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42653" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1100/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1100/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1100/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1100/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1100/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1100/" + }, + { + "name": "SUSE-SR:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4694.json b/2010/4xxx/CVE-2010-4694.json index 67c94793a46..1889aa24432 100644 --- a/2010/4xxx/CVE-2010-4694.json +++ b/2010/4xxx/CVE-2010-4694.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101121 CVE Request: gif2png: command-line buffer overflow problem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/21/1" - }, - { - "name" : "[oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/22/1" - }, - { - "name" : "[oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/22/3" - }, - { - "name" : "[oss-security] 20101122 Re: CVE Request: gif2png: command-line buffer overflow problem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/22/12" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=346501", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=346501" - }, - { - "name" : "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup", - "refsource" : "CONFIRM", - "url" : "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup" - }, - { - "name" : "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log", - "refsource" : "CONFIRM", - "url" : "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=547515", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=547515" - }, - { - "name" : "FEDORA-2010-0358", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html" - }, - { - "name" : "GLSA-201101-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-01.xml" - }, - { - "name" : "GLSA-201203-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-15.xml" - }, - { - "name" : "MDVSA-2011:009", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:009" - }, - { - "name" : "45815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45815" - }, - { - "name" : "42796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42796" - }, - { - "name" : "ADV-2010-3036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3036" - }, - { - "name" : "ADV-2011-0023", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0023" - }, - { - "name" : "ADV-2011-0107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0107" - }, - { - "name" : "gif2png-gif-bo(64754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201203-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-15.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=547515", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547515" + }, + { + "name": "[oss-security] 20101122 Re: CVE Request: gif2png: command-line buffer overflow problem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/22/12" + }, + { + "name": "ADV-2011-0023", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0023" + }, + { + "name": "MDVSA-2011:009", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:009" + }, + { + "name": "[oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/22/3" + }, + { + "name": "42796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42796" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=346501", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=346501" + }, + { + "name": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log", + "refsource": "CONFIRM", + "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?root=extras&view=log" + }, + { + "name": "gif2png-gif-bo(64754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64754" + }, + { + "name": "ADV-2010-3036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3036" + }, + { + "name": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup", + "refsource": "CONFIRM", + "url": "http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup" + }, + { + "name": "[oss-security] 20101121 CVE Request: gif2png: command-line buffer overflow problem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/21/1" + }, + { + "name": "ADV-2011-0107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0107" + }, + { + "name": "GLSA-201101-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-01.xml" + }, + { + "name": "45815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45815" + }, + { + "name": "[oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/22/1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978" + }, + { + "name": "FEDORA-2010-0358", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5232.json b/2011/5xxx/CVE-2011-5232.json index 1ee6b5cb1f4..88823309973 100644 --- a/2011/5xxx/CVE-2011-5232.json +++ b/2011/5xxx/CVE-2011-5232.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5232", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0025. Reason: This candidate is a duplicate of CVE-2012-0025. Notes: All CVE users should reference CVE-2012-0025 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-5232", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0025. Reason: This candidate is a duplicate of CVE-2012-0025. Notes: All CVE users should reference CVE-2012-0025 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3186.json b/2014/3xxx/CVE-2014-3186.json index e3b63777af4..fd4cf505c66 100644 --- a/2014/3xxx/CVE-2014-3186.json +++ b/2014/3xxx/CVE-2014-3186.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140911 Re: Multiple Linux USB driver CVE assignment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/22" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=101", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=101" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141407", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141407" - }, - { - "name" : "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "USN-2376-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2376-1" - }, - { - "name" : "USN-2377-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2377-1" - }, - { - "name" : "USN-2378-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2378-1" - }, - { - "name" : "USN-2379-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2379-1" - }, - { - "name" : "69763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140911 Re: Multiple Linux USB driver CVE assignment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/11/22" + }, + { + "name": "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189" + }, + { + "name": "USN-2377-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2377-1" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "USN-2378-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2378-1" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141407", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141407" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189" + }, + { + "name": "69763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69763" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=101", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=101" + }, + { + "name": "USN-2379-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2379-1" + }, + { + "name": "USN-2376-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2376-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3292.json b/2014/3xxx/CVE-2014-3292.json index dc54b06de99..10af2e839de 100644 --- a/2014/3xxx/CVE-2014-3292.json +++ b/2014/3xxx/CVE-2014-3292.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574" - }, - { - "name" : "20140609 Multiple Vulnerabilities in Real-Time Monitoring Tool of Cisco Unified Communications Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292" - }, - { - "name" : "1030408", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030408" - }, - { - "name" : "58315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574" + }, + { + "name": "1030408", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030408" + }, + { + "name": "58315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58315" + }, + { + "name": "20140609 Multiple Vulnerabilities in Real-Time Monitoring Tool of Cisco Unified Communications Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3563.json b/2014/3xxx/CVE-2014-3563.json index 6ca8ed70493..b2a8abcc7e5 100644 --- a/2014/3xxx/CVE-2014-3563.json +++ b/2014/3xxx/CVE-2014-3563.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140821 Revised: Salt 2014.1.10 released", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/428" - }, - { - "name" : "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html", - "refsource" : "CONFIRM", - "url" : "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html" - }, - { - "name" : "69319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69319" - }, - { - "name" : "salt-cve20143563-symlink(95392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "salt-cve20143563-symlink(95392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392" + }, + { + "name": "[oss-security] 20140821 Revised: Salt 2014.1.10 released", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/428" + }, + { + "name": "69319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69319" + }, + { + "name": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html", + "refsource": "CONFIRM", + "url": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3662.json b/2014/3xxx/CVE-2014-3662.json index 45007200140..7d361d7d753 100644 --- a/2014/3xxx/CVE-2014-3662.json +++ b/2014/3xxx/CVE-2014-3662.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4791.json b/2014/4xxx/CVE-2014-4791.json index 8360f502d1d..ad792083a70 100644 --- a/2014/4xxx/CVE-2014-4791.json +++ b/2014/4xxx/CVE-2014-4791.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4791", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4791", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8197.json b/2014/8xxx/CVE-2014-8197.json index e2581eed743..afb08e1c150 100644 --- a/2014/8xxx/CVE-2014-8197.json +++ b/2014/8xxx/CVE-2014-8197.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8197", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8197", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8468.json b/2014/8xxx/CVE-2014-8468.json index bb9bd3da2ec..f43d24da11a 100644 --- a/2014/8xxx/CVE-2014-8468.json +++ b/2014/8xxx/CVE-2014-8468.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8468", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8468", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8885.json b/2014/8xxx/CVE-2014-8885.json index 2c739c492e1..69132b2ee54 100644 --- a/2014/8xxx/CVE-2014-8885.json +++ b/2014/8xxx/CVE-2014-8885.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8885", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8885", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9057.json b/2014/9xxx/CVE-2014-9057.json index 92234e4545f..d0335a8148f 100644 --- a/2014/9xxx/CVE-2014-9057.json +++ b/2014/9xxx/CVE-2014-9057.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html", - "refsource" : "CONFIRM", - "url" : "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html" - }, - { - "name" : "https://movabletype.org/news/2014/12/6.0.6.html", - "refsource" : "CONFIRM", - "url" : "https://movabletype.org/news/2014/12/6.0.6.html" - }, - { - "name" : "DSA-3183", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2015/dsa-3183" - }, - { - "name" : "61227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61227" + }, + { + "name": "DSA-3183", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2015/dsa-3183" + }, + { + "name": "https://movabletype.org/news/2014/12/6.0.6.html", + "refsource": "CONFIRM", + "url": "https://movabletype.org/news/2014/12/6.0.6.html" + }, + { + "name": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html", + "refsource": "CONFIRM", + "url": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9633.json b/2014/9xxx/CVE-2014-9633.json index 5e98b818792..3827a58e731 100644 --- a/2014/9xxx/CVE-2014-9633.json +++ b/2014/9xxx/CVE-2014-9633.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35905", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35905" - }, - { - "name" : "http://packetstormsecurity.com/files/130094/Comodo-Backup-4.4.0.0-NULL-Pointer-Dereference.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130094/Comodo-Backup-4.4.0.0-NULL-Pointer-Dereference.html" - }, - { - "name" : "http://forums.comodo.com/news-announcements-feedback-cb/comodo-backup-44123-released-t107293.0.html", - "refsource" : "CONFIRM", - "url" : "http://forums.comodo.com/news-announcements-feedback-cb/comodo-backup-44123-released-t107293.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35905", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35905" + }, + { + "name": "http://packetstormsecurity.com/files/130094/Comodo-Backup-4.4.0.0-NULL-Pointer-Dereference.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130094/Comodo-Backup-4.4.0.0-NULL-Pointer-Dereference.html" + }, + { + "name": "http://forums.comodo.com/news-announcements-feedback-cb/comodo-backup-44123-released-t107293.0.html", + "refsource": "CONFIRM", + "url": "http://forums.comodo.com/news-announcements-feedback-cb/comodo-backup-44123-released-t107293.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9805.json b/2014/9xxx/CVE-2014-9805.json index 52133c5b10a..1a34f853794 100644 --- a/2014/9xxx/CVE-2014-9805.json +++ b/2014/9xxx/CVE-2014-9805.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343460", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343460", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343460" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9861.json b/2014/9xxx/CVE-2014-9861.json index 8ec9d6ed39b..af5d0f0df98 100644 --- a/2014/9xxx/CVE-2014-9861.json +++ b/2014/9xxx/CVE-2014-9861.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9861", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9861", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2184.json b/2016/2xxx/CVE-2016-2184.json index 209adde4999..f3fb8f66a0a 100644 --- a/2016/2xxx/CVE-2016-2184.json +++ b/2016/2xxx/CVE-2016-2184.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Mar/88" - }, - { - "name" : "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Mar/89" - }, - { - "name" : "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Mar/102" - }, - { - "name" : "39555", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39555/" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1317012" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" - }, - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "SUSE-SU-2016:1672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:1690", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:1707", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:1764", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "openSUSE-SU-2016:1008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" - }, - { - "name" : "SUSE-SU-2016:1019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" - }, - { - "name" : "USN-2996-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2996-1" - }, - { - "name" : "USN-2997-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2997-1" - }, - { - "name" : "USN-2968-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-1" - }, - { - "name" : "USN-2968-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2968-2" - }, - { - "name" : "USN-2969-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2969-1" - }, - { - "name" : "USN-2970-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2970-1" - }, - { - "name" : "USN-2971-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-1" - }, - { - "name" : "USN-2971-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-2" - }, - { - "name" : "USN-2971-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2971-3" - }, - { - "name" : "84340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2971-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-2" + }, + { + "name": "SUSE-SU-2016:1690", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + }, + { + "name": "20160310 oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Mar/89" + }, + { + "name": "84340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84340" + }, + { + "name": "USN-2970-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2970-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317012" + }, + { + "name": "USN-2969-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2969-1" + }, + { + "name": "USN-2968-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f886ca12765d20124bd06291c82951fd49a33be" + }, + { + "name": "USN-2971-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-3" + }, + { + "name": "USN-2997-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2997-1" + }, + { + "name": "SUSE-SU-2016:1764", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "USN-2971-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2971-1" + }, + { + "name": "SUSE-SU-2016:1707", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" + }, + { + "name": "USN-2996-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2996-1" + }, + { + "name": "SUSE-SU-2016:1672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + }, + { + "name": "SUSE-SU-2016:1019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1" + }, + { + "name": "USN-2968-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2968-2" + }, + { + "name": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0f886ca12765d20124bd06291c82951fd49a33be" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "20160310 oss-2016-16: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Mar/88" + }, + { + "name": "20160314 Re: oss-2016-17: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Mar/102" + }, + { + "name": "openSUSE-SU-2016:1008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" + }, + { + "name": "39555", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39555/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2321.json b/2016/2xxx/CVE-2016-2321.json index 1331e37b54f..0ffcf046355 100644 --- a/2016/2xxx/CVE-2016-2321.json +++ b/2016/2xxx/CVE-2016-2321.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2321", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2321", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2406.json b/2016/2xxx/CVE-2016-2406.json index 786ee629748..ee4d5da5a84 100644 --- a/2016/2xxx/CVE-2016-2406.json +++ b/2016/2xxx/CVE-2016-2406.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2552.json b/2016/2xxx/CVE-2016-2552.json index 0c8233c5af7..a8de416b6fa 100644 --- a/2016/2xxx/CVE-2016-2552.json +++ b/2016/2xxx/CVE-2016-2552.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2552", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2552", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2654.json b/2016/2xxx/CVE-2016-2654.json index e5b8d0fa1fb..46236696a9d 100644 --- a/2016/2xxx/CVE-2016-2654.json +++ b/2016/2xxx/CVE-2016-2654.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2654", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2654", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3132.json b/2016/3xxx/CVE-2016-3132.json index 87d22a23ab3..fad8255b413 100644 --- a/2016/3xxx/CVE-2016-3132.json +++ b/2016/3xxx/CVE-2016-3132.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5?w=1", - "refsource" : "CONFIRM", - "url" : "http://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5?w=1" - }, - { - "name" : "https://bugs.php.net/bug.php?id=71735", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=71735" - }, - { - "name" : "https://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "https://php.net/ChangeLog-7.php" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2016-3132", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2016-3132" - }, - { - "name" : "92356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-tracker.debian.org/tracker/CVE-2016-3132", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2016-3132" + }, + { + "name": "https://bugs.php.net/bug.php?id=71735", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=71735" + }, + { + "name": "92356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92356" + }, + { + "name": "http://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5?w=1", + "refsource": "CONFIRM", + "url": "http://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5?w=1" + }, + { + "name": "https://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "https://php.net/ChangeLog-7.php" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6193.json b/2016/6xxx/CVE-2016-6193.json index bb0dd55089f..080502491ff 100644 --- a/2016/6xxx/CVE-2016-6193.json +++ b/2016/6xxx/CVE-2016-6193.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en" - }, - { - "name" : "91735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en" + }, + { + "name": "91735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91735" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6313.json b/2016/6xxx/CVE-2016-6313.json index 08f88152b8a..d24109546ff 100644 --- a/2016/6xxx/CVE-2016-6313.json +++ b/2016/6xxx/CVE-2016-6313.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]", - "refsource" : "MLIST", - "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" - }, - { - "name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS", - "refsource" : "CONFIRM", - "url" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS" - }, - { - "name" : "DSA-3649", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3649" - }, - { - "name" : "DSA-3650", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3650" - }, - { - "name" : "GLSA-201610-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-04" - }, - { - "name" : "GLSA-201612-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-01" - }, - { - "name" : "RHSA-2016:2674", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2674.html" - }, - { - "name" : "USN-3064-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3064-1" - }, - { - "name" : "USN-3065-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3065-1" - }, - { - "name" : "92527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92527" - }, - { - "name" : "1036635", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3650", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3650" + }, + { + "name": "GLSA-201612-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-01" + }, + { + "name": "USN-3064-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3064-1" + }, + { + "name": "DSA-3649", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3649" + }, + { + "name": "GLSA-201610-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-04" + }, + { + "name": "1036635", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036635" + }, + { + "name": "[gnupg-announce] 20160817 [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]", + "refsource": "MLIST", + "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html" + }, + { + "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS", + "refsource": "CONFIRM", + "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS" + }, + { + "name": "RHSA-2016:2674", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2674.html" + }, + { + "name": "92527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92527" + }, + { + "name": "USN-3065-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3065-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6506.json b/2016/6xxx/CVE-2016-6506.json index 8565d128dcc..5285cff567e 100644 --- a/2016/6xxx/CVE-2016-6506.json +++ b/2016/6xxx/CVE-2016-6506.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/28/3" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-42.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-42.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499" - }, - { - "name" : "DSA-3648", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3648" - }, - { - "name" : "1036480", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/28/3" + }, + { + "name": "DSA-3648", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3648" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-42.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-42.html" + }, + { + "name": "1036480", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036480" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6777.json b/2016/6xxx/CVE-2016-6777.json index a4cb588030f..9eee47306fd 100644 --- a/2016/6xxx/CVE-2016-6777.json +++ b/2016/6xxx/CVE-2016-6777.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "94674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94674" + }, + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6925.json b/2016/6xxx/CVE-2016-6925.json index 528825cc966..0bc251cd549 100644 --- a/2016/6xxx/CVE-2016-6925.json +++ b/2016/6xxx/CVE-2016-6925.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:1865", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html" - }, - { - "name" : "92927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92927" - }, - { - "name" : "1036791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" + }, + { + "name": "RHSA-2016:1865", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html" + }, + { + "name": "92927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92927" + }, + { + "name": "1036791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036791" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6979.json b/2016/6xxx/CVE-2016-6979.json index 0ebdf1ba7e6..aeb05f395b6 100644 --- a/2016/6xxx/CVE-2016-6979.json +++ b/2016/6xxx/CVE-2016-6979.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6988, and CVE-2016-6993." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93491" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6988, and CVE-2016-6993." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "93491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93491" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7252.json b/2016/7xxx/CVE-2016-7252.json index 39615e75a03..18b1139a6b1 100644 --- a/2016/7xxx/CVE-2016-7252.json +++ b/2016/7xxx/CVE-2016-7252.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka \"SQL Analysis Services Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-136", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" - }, - { - "name" : "94050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94050" - }, - { - "name" : "1037250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka \"SQL Analysis Services Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037250" + }, + { + "name": "94050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94050" + }, + { + "name": "MS16-136", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7660.json b/2016/7xxx/CVE-2016-7660.json index 45deef84725..71095ac16c1 100644 --- a/2016/7xxx/CVE-2016-7660.json +++ b/2016/7xxx/CVE-2016-7660.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"syslog\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40959", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40959/" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"syslog\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "40959", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40959/" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7968.json b/2016/7xxx/CVE-2016-7968.json index 4907cbe2694..2df36884ff5 100644 --- a/2016/7xxx/CVE-2016-7968.json +++ b/2016/7xxx/CVE-2016-7968.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/05/1" - }, - { - "name" : "93360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93360" + }, + { + "name": "[oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/05/1" + } + ] + } +} \ No newline at end of file