From d83db36ebf28ad5d2b88b3bf0f6ff634fe9edf5c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:32:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0047.json | 220 +++++++++++------------ 2006/0xxx/CVE-2006-0086.json | 150 ++++++++-------- 2006/0xxx/CVE-2006-0237.json | 150 ++++++++-------- 2006/0xxx/CVE-2006-0353.json | 190 ++++++++++---------- 2006/1xxx/CVE-2006-1249.json | 220 +++++++++++------------ 2006/1xxx/CVE-2006-1712.json | 190 ++++++++++---------- 2006/1xxx/CVE-2006-1720.json | 170 +++++++++--------- 2006/4xxx/CVE-2006-4195.json | 180 +++++++++---------- 2006/4xxx/CVE-2006-4457.json | 130 +++++++------- 2006/4xxx/CVE-2006-4795.json | 210 +++++++++++----------- 2006/5xxx/CVE-2006-5616.json | 180 +++++++++---------- 2010/0xxx/CVE-2010-0558.json | 140 +++++++-------- 2010/2xxx/CVE-2010-2024.json | 290 +++++++++++++++--------------- 2010/2xxx/CVE-2010-2555.json | 140 +++++++-------- 2010/2xxx/CVE-2010-2765.json | 250 +++++++++++++------------- 2010/2xxx/CVE-2010-2813.json | 260 +++++++++++++-------------- 2010/3xxx/CVE-2010-3043.json | 160 ++++++++--------- 2010/3xxx/CVE-2010-3061.json | 150 ++++++++-------- 2010/3xxx/CVE-2010-3496.json | 140 +++++++-------- 2010/3xxx/CVE-2010-3620.json | 200 ++++++++++----------- 2010/3xxx/CVE-2010-3961.json | 190 ++++++++++---------- 2010/4xxx/CVE-2010-4014.json | 34 ++-- 2010/4xxx/CVE-2010-4253.json | 300 +++++++++++++++---------------- 2010/4xxx/CVE-2010-4590.json | 150 ++++++++-------- 2010/4xxx/CVE-2010-4826.json | 150 ++++++++-------- 2011/5xxx/CVE-2011-5062.json | 290 +++++++++++++++--------------- 2014/3xxx/CVE-2014-3535.json | 160 ++++++++--------- 2014/4xxx/CVE-2014-4173.json | 34 ++-- 2014/4xxx/CVE-2014-4477.json | 210 +++++++++++----------- 2014/8xxx/CVE-2014-8269.json | 140 +++++++-------- 2014/8xxx/CVE-2014-8825.json | 150 ++++++++-------- 2014/9xxx/CVE-2014-9107.json | 34 ++-- 2014/9xxx/CVE-2014-9365.json | 240 ++++++++++++------------- 2014/9xxx/CVE-2014-9507.json | 130 +++++++------- 2014/9xxx/CVE-2014-9705.json | 340 +++++++++++++++++------------------ 2014/9xxx/CVE-2014-9777.json | 140 +++++++-------- 2014/9xxx/CVE-2014-9837.json | 140 +++++++-------- 2016/2xxx/CVE-2016-2319.json | 34 ++-- 2016/2xxx/CVE-2016-2623.json | 34 ++-- 2016/2xxx/CVE-2016-2671.json | 34 ++-- 2016/3xxx/CVE-2016-3647.json | 140 +++++++-------- 2016/6xxx/CVE-2016-6334.json | 150 ++++++++-------- 2016/6xxx/CVE-2016-6602.json | 200 ++++++++++----------- 2016/6xxx/CVE-2016-6766.json | 160 ++++++++--------- 2016/6xxx/CVE-2016-6935.json | 130 +++++++------- 2016/6xxx/CVE-2016-6936.json | 150 ++++++++-------- 2016/7xxx/CVE-2016-7042.json | 190 ++++++++++---------- 2016/7xxx/CVE-2016-7327.json | 34 ++-- 2016/7xxx/CVE-2016-7506.json | 130 +++++++------- 2016/7xxx/CVE-2016-7945.json | 200 ++++++++++----------- 50 files changed, 4069 insertions(+), 4069 deletions(-) diff --git a/2006/0xxx/CVE-2006-0047.json b/2006/0xxx/CVE-2006-0047.json index a9c99786204..1b5a6adabbe 100644 --- a/2006/0xxx/CVE-2006-0047.json +++ b/2006/0xxx/CVE-2006-0047.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060306 Out of memory crash in Freeciv 2.0.7", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426866/100/0/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211" - }, - { - "name" : "DSA-994", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-994" - }, - { - "name" : "GLSA-200603-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-11.xml" - }, - { - "name" : "MDKSA-2006:053", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:053" - }, - { - "name" : "16975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16975" - }, - { - "name" : "ADV-2006-0838", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0838" - }, - { - "name" : "19120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19120" - }, - { - "name" : "19253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19253" - }, - { - "name" : "19227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19227" - }, - { - "name" : "freeciv-packets-dos(25166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16975" + }, + { + "name": "GLSA-200603-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-11.xml" + }, + { + "name": "MDKSA-2006:053", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:053" + }, + { + "name": "20060306 Out of memory crash in Freeciv 2.0.7", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426866/100/0/threaded" + }, + { + "name": "19253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19253" + }, + { + "name": "DSA-994", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-994" + }, + { + "name": "19227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19227" + }, + { + "name": "ADV-2006-0838", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0838" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211" + }, + { + "name": "19120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19120" + }, + { + "name": "freeciv-packets-dos(25166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25166" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0086.json b/2006/0xxx/CVE-2006-0086.json index 9ec56597611..636cf499659 100644 --- a/2006/0xxx/CVE-2006-0086.json +++ b/2006/0xxx/CVE-2006-0086.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22202-nextgen.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22202-nextgen.txt" - }, - { - "name" : "ADV-2006-0037", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0037" - }, - { - "name" : "22202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22202" - }, - { - "name" : "18309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22202" + }, + { + "name": "ADV-2006-0037", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0037" + }, + { + "name": "http://osvdb.org/ref/22/22202-nextgen.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22202-nextgen.txt" + }, + { + "name": "18309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18309" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0237.json b/2006/0xxx/CVE-2006-0237.json index 13b9d832ae7..3e9eccc9150 100644 --- a/2006/0xxx/CVE-2006-0237.json +++ b/2006/0xxx/CVE-2006-0237.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16255" - }, - { - "name" : "ADV-2006-0214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0214" - }, - { - "name" : "18470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18470" - }, - { - "name" : "gtpicommerce-index-xss(24150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18470" + }, + { + "name": "gtpicommerce-index-xss(24150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24150" + }, + { + "name": "16255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16255" + }, + { + "name": "ADV-2006-0214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0214" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0353.json b/2006/0xxx/CVE-2006-0353.json index da563d791ba..f46257bc2fe 100644 --- a/2006/0xxx/CVE-2006-0353.json +++ b/2006/0xxx/CVE-2006-0353.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[lsh-bugs] SECURITY: lshd leaks fd:s to user shells", - "refsource" : "MLIST", - "url" : "http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html" - }, - { - "name" : "DSA-956", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-956" - }, - { - "name" : "16357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16357" - }, - { - "name" : "ADV-2006-0301", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0301" - }, - { - "name" : "22695", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22695" - }, - { - "name" : "18564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18564" - }, - { - "name" : "18623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18623" - }, - { - "name" : "lsh-file-descriptor-leak(24263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16357" + }, + { + "name": "[lsh-bugs] SECURITY: lshd leaks fd:s to user shells", + "refsource": "MLIST", + "url": "http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html" + }, + { + "name": "18623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18623" + }, + { + "name": "22695", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22695" + }, + { + "name": "lsh-file-descriptor-leak(24263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24263" + }, + { + "name": "DSA-956", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-956" + }, + { + "name": "ADV-2006-0301", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0301" + }, + { + "name": "18564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18564" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1249.json b/2006/1xxx/CVE-2006-1249.json index f1b5b78ec89..8727a532e1f 100644 --- a/2006/1xxx/CVE-2006-1249.json +++ b/2006/1xxx/CVE-2006-1249.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060511 [EEYEB-20060307] Apple QuickTime FPX Integer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433850/100/0/threaded" - }, - { - "name" : "http://www.eeye.com/html/research/upcoming/20060307b.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/upcoming/20060307b.html" - }, - { - "name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded" - }, - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" - }, - { - "name" : "TA06-132B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" - }, - { - "name" : "VU#570689", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/570689" - }, - { - "name" : "17074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17074" - }, - { - "name" : "ADV-2006-1778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1778" - }, - { - "name" : "1016067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016067" - }, - { - "name" : "20069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20069" - }, - { - "name" : "quicktime-flashpix-overflow(26398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20069" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" + }, + { + "name": "1016067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016067" + }, + { + "name": "TA06-132B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" + }, + { + "name": "VU#570689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/570689" + }, + { + "name": "17074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17074" + }, + { + "name": "http://www.eeye.com/html/research/upcoming/20060307b.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/upcoming/20060307b.html" + }, + { + "name": "ADV-2006-1778", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1778" + }, + { + "name": "quicktime-flashpix-overflow(26398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26398" + }, + { + "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded" + }, + { + "name": "20060511 [EEYEB-20060307] Apple QuickTime FPX Integer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433850/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1712.json b/2006/1xxx/CVE-2006-1712.json index a8e56a6ccac..8f2ad9d824f 100644 --- a/2006/1xxx/CVE-2006-1712.json +++ b/2006/1xxx/CVE-2006-1712.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Mailman-Announce] 20060407 Released: Mailman 2.1.8 release candidate", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html" - }, - { - "name" : "http://www.mail-archive.com/mailman-checkins@python.org/msg06273.html", - "refsource" : "CONFIRM", - "url" : "http://www.mail-archive.com/mailman-checkins@python.org/msg06273.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=129136", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=129136" - }, - { - "name" : "17403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17403" - }, - { - "name" : "ADV-2006-1269", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1269" - }, - { - "name" : "24442", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24442" - }, - { - "name" : "1015876", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015876" - }, - { - "name" : "19558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015876", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015876" + }, + { + "name": "24442", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24442" + }, + { + "name": "19558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19558" + }, + { + "name": "[Mailman-Announce] 20060407 Released: Mailman 2.1.8 release candidate", + "refsource": "MLIST", + "url": "http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html" + }, + { + "name": "ADV-2006-1269", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1269" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=129136", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=129136" + }, + { + "name": "17403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17403" + }, + { + "name": "http://www.mail-archive.com/mailman-checkins@python.org/msg06273.html", + "refsource": "CONFIRM", + "url": "http://www.mail-archive.com/mailman-checkins@python.org/msg06273.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1720.json b/2006/1xxx/CVE-2006-1720.json index 6cd9f90c8e0..9f8e4087ddb 100644 --- a/2006/1xxx/CVE-2006-1720.json +++ b/2006/1xxx/CVE-2006-1720.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060407 Xss In SaphpLesson3.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430293/100/0/threaded" - }, - { - "name" : "17414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17414" - }, - { - "name" : "ADV-2006-1317", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1317" - }, - { - "name" : "1015883", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015883" - }, - { - "name" : "683", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/683" - }, - { - "name" : "saphplesson-search-xss(25719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060407 Xss In SaphpLesson3.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430293/100/0/threaded" + }, + { + "name": "683", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/683" + }, + { + "name": "17414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17414" + }, + { + "name": "ADV-2006-1317", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1317" + }, + { + "name": "1015883", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015883" + }, + { + "name": "saphplesson-search-xss(25719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25719" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4195.json b/2006/4xxx/CVE-2006-4195.json index 822d8e12144..5f04299080f 100644 --- a/2006/4xxx/CVE-2006-4195.json +++ b/2006/4xxx/CVE-2006-4195.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443201/100/0/threaded" - }, - { - "name" : "2184", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2184" - }, - { - "name" : "19505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19505" - }, - { - "name" : "ADV-2006-3277", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3277" - }, - { - "name" : "21470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21470" - }, - { - "name" : "1406", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1406" - }, - { - "name" : "peoplebook-param-file-include(28359)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3277", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3277" + }, + { + "name": "peoplebook-param-file-include(28359)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28359" + }, + { + "name": "21470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21470" + }, + { + "name": "2184", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2184" + }, + { + "name": "1406", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1406" + }, + { + "name": "20060814 Peoplebook Mambo Component <= v1.0 Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443201/100/0/threaded" + }, + { + "name": "19505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19505" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4457.json b/2006/4xxx/CVE-2006-4457.json index 14c53822c42..d7851569bef 100644 --- a/2006/4xxx/CVE-2006-4457.json +++ b/2006/4xxx/CVE-2006-4457.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3411" - }, - { - "name" : "21676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3411" + }, + { + "name": "21676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21676" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4795.json b/2006/4xxx/CVE-2006-4795.json index d2307cff4fb..f5a74a11102 100644 --- a/2006/4xxx/CVE-2006-4795.json +++ b/2006/4xxx/CVE-2006-4795.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-193.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-193.htm" - }, - { - "name" : "HPSBUX02151", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/445893/100/0/threaded" - }, - { - "name" : "SSRT051021", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/445893/100/0/threaded" - }, - { - "name" : "19999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19999" - }, - { - "name" : "oval:org.mitre.oval:def:5427", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5427" - }, - { - "name" : "ADV-2006-3597", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3597" - }, - { - "name" : "1016841", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016841" - }, - { - "name" : "21909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21909" - }, - { - "name" : "22010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22010" - }, - { - "name" : "1596", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21909" + }, + { + "name": "1016841", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016841" + }, + { + "name": "22010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22010" + }, + { + "name": "19999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19999" + }, + { + "name": "1596", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1596" + }, + { + "name": "HPSBUX02151", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/445893/100/0/threaded" + }, + { + "name": "SSRT051021", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/445893/100/0/threaded" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-193.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-193.htm" + }, + { + "name": "oval:org.mitre.oval:def:5427", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5427" + }, + { + "name": "ADV-2006-3597", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3597" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5616.json b/2006/5xxx/CVE-2006-5616.json index 2e442775300..d9b59c1588d 100644 --- a/2006/5xxx/CVE-2006-5616.json +++ b/2006/5xxx/CVE-2006-5616.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200704-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200704-04.xml" - }, - { - "name" : "SUSE-SR:2006:025", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0007.html" - }, - { - "name" : "20776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20776" - }, - { - "name" : "ADV-2006-4250", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4250" - }, - { - "name" : "22637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22637" - }, - { - "name" : "24716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24716" - }, - { - "name" : "openpbs-unspecified-code-execution(29944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20776" + }, + { + "name": "24716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24716" + }, + { + "name": "SUSE-SR:2006:025", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0007.html" + }, + { + "name": "22637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22637" + }, + { + "name": "openpbs-unspecified-code-execution(29944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29944" + }, + { + "name": "ADV-2006-4250", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4250" + }, + { + "name": "GLSA-200704-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200704-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0558.json b/2010/0xxx/CVE-2010-0558.json index 1e8d1ef81a4..9b884e4a073 100644 --- a/2010/0xxx/CVE-2010-0558.json +++ b/2010/0xxx/CVE-2010-0558.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "275790", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275790-1" - }, - { - "name" : "1023545", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023545" - }, - { - "name" : "opensolaris-smbadm-unspecified(56521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "275790", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275790-1" + }, + { + "name": "1023545", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023545" + }, + { + "name": "opensolaris-smbadm-unspecified(56521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56521" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2024.json b/2010/2xxx/CVE-2010-2024.json index 0bf78655e34..2b08e1688e7 100644 --- a/2010/2xxx/CVE-2010-2024.json +++ b/2010/2xxx/CVE-2010-2024.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100603 Multiple vulnerabilities in Exim", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511653/100/0/threaded" - }, - { - "name" : "20100603 Multiple vulnerabilities in Exim", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html" - }, - { - "name" : "[exim-dev] 20100524 Security issues in exim4 local delivery", - "refsource" : "MLIST", - "url" : "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html" - }, - { - "name" : "http://bugs.exim.org/show_bug.cgi?id=989", - "refsource" : "CONFIRM", - "url" : "http://bugs.exim.org/show_bug.cgi?id=989" - }, - { - "name" : "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2", - "refsource" : "CONFIRM", - "url" : "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2" - }, - { - "name" : "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26", - "refsource" : "CONFIRM", - "url" : "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=600097", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=600097" - }, - { - "name" : "FEDORA-2010-9506", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html" - }, - { - "name" : "FEDORA-2010-9524", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "USN-1060-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1060-1" - }, - { - "name" : "40454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40454" - }, - { - "name" : "40019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40019" - }, - { - "name" : "40123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40123" - }, - { - "name" : "43243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43243" - }, - { - "name" : "ADV-2010-1402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1402" - }, - { - "name" : "ADV-2011-0364", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0364" - }, - { - "name" : "exim-mbx-symlink(59042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100603 Multiple vulnerabilities in Exim", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=600097", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600097" + }, + { + "name": "ADV-2010-1402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1402" + }, + { + "name": "40454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40454" + }, + { + "name": "ADV-2011-0364", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0364" + }, + { + "name": "43243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43243" + }, + { + "name": "exim-mbx-symlink(59042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59042" + }, + { + "name": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26", + "refsource": "CONFIRM", + "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26" + }, + { + "name": "40019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40019" + }, + { + "name": "[exim-dev] 20100524 Security issues in exim4 local delivery", + "refsource": "MLIST", + "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html" + }, + { + "name": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2", + "refsource": "CONFIRM", + "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2" + }, + { + "name": "40123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40123" + }, + { + "name": "20100603 Multiple vulnerabilities in Exim", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded" + }, + { + "name": "FEDORA-2010-9524", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "USN-1060-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1060-1" + }, + { + "name": "http://bugs.exim.org/show_bug.cgi?id=989", + "refsource": "CONFIRM", + "url": "http://bugs.exim.org/show_bug.cgi?id=989" + }, + { + "name": "FEDORA-2010-9506", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2555.json b/2010/2xxx/CVE-2010-2555.json index ecc874f75a0..21884b049f3 100644 --- a/2010/2xxx/CVE-2010-2555.json +++ b/2010/2xxx/CVE-2010-2555.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka \"Tracing Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11426", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka \"Tracing Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059" + }, + { + "name": "oval:org.mitre.oval:def:11426", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11426" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2765.json b/2010/2xxx/CVE-2010-2765.json index 3434b6ed3a3..02fa4ed56f3 100644 --- a/2010/2xxx/CVE-2010-2765.json +++ b/2010/2xxx/CVE-2010-2765.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=576447", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=576447" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100110210", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100110210" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100112690", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100112690" - }, - { - "name" : "DSA-2106", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2106" - }, - { - "name" : "FEDORA-2010-14362", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" - }, - { - "name" : "MDVSA-2010:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "43095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43095" - }, - { - "name" : "oval:org.mitre.oval:def:11519", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "FEDORA-2010-14362", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100110210", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100110210" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=576447", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576447" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100112690", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100112690" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "oval:org.mitre.oval:def:11519", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "MDVSA-2010:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "DSA-2106", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2106" + }, + { + "name": "43095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43095" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2813.json b/2010/2xxx/CVE-2010-2813.json index 5e0b07379c9..e96115f76eb 100644 --- a/2010/2xxx/CVE-2010-2813.json +++ b/2010/2xxx/CVE-2010-2813.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://squirrelmail.org/security/issue/2010-07-23", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.org/security/issue/2010-07-23" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=618096", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=618096" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "DSA-2091", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2091" - }, - { - "name" : "FEDORA-2010-11410", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html" - }, - { - "name" : "FEDORA-2010-11422", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html" - }, - { - "name" : "RHSA-2012:0103", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0103.html" - }, - { - "name" : "42399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42399" - }, - { - "name" : "40964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40964" - }, - { - "name" : "40971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40971" - }, - { - "name" : "ADV-2010-2070", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2070" - }, - { - "name" : "ADV-2010-2080", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2080" - }, - { - "name" : "squirrelmail-imap-dos(61124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-11422", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "squirrelmail-imap-dos(61124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124" + }, + { + "name": "FEDORA-2010-11410", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972" + }, + { + "name": "DSA-2091", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2091" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "40964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40964" + }, + { + "name": "ADV-2010-2080", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2080" + }, + { + "name": "42399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42399" + }, + { + "name": "RHSA-2012:0103", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" + }, + { + "name": "40971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40971" + }, + { + "name": "http://squirrelmail.org/security/issue/2010-07-23", + "refsource": "CONFIRM", + "url": "http://squirrelmail.org/security/issue/2010-07-23" + }, + { + "name": "ADV-2010-2070", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2070" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=618096", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3043.json b/2010/3xxx/CVE-2010-3043.json index 966516eec71..051da09c2e8 100644 --- a/2010/3xxx/CVE-2010-3043.json +++ b/2010/3xxx/CVE-2010-3043.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016" - }, - { - "name" : "20110201 Multiple Cisco WebEx Player Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml" - }, - { - "name" : "46075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46075" - }, - { - "name" : "1025016", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025016" - }, - { - "name" : "webex-wrf-bo(65074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml" + }, + { + "name": "webex-wrf-bo(65074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65074" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016" + }, + { + "name": "46075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46075" + }, + { + "name": "1025016", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025016" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3061.json b/2010/3xxx/CVE-2010-3061.json index 9d4fe3ae6c1..a815856e280 100644 --- a/2010/3xxx/CVE-2010-3061.json +++ b/2010/3xxx/CVE-2010-3061.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820" - }, - { - "name" : "IC69883", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" - }, - { - "name" : "42549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42549" - }, - { - "name" : "41044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820" + }, + { + "name": "41044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41044" + }, + { + "name": "IC69883", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" + }, + { + "name": "42549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42549" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3496.json b/2010/3xxx/CVE-2010-3496.json index 82b82ee0db7..62133a7e972 100644 --- a/2010/3xxx/CVE-2010-3496.json +++ b/2010/3xxx/CVE-2010-3496.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101018 Antivirus detection after malware execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514356" - }, - { - "name" : "http://www.n00bz.net/antivirus-cve", - "refsource" : "MISC", - "url" : "http://www.n00bz.net/antivirus-cve" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10012", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20101018 Antivirus detection after malware execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514356" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10012", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10012" + }, + { + "name": "http://www.n00bz.net/antivirus-cve", + "refsource": "MISC", + "url": "http://www.n00bz.net/antivirus-cve" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3620.json b/2010/3xxx/CVE-2010-3620.json index 77afbf07bdb..6a64cbb8c42 100644 --- a/2010/3xxx/CVE-2010-3620.json +++ b/2010/3xxx/CVE-2010-3620.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "GLSA-201101-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml" - }, - { - "name" : "RHSA-2010:0743", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7589", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7589" - }, - { - "name" : "43025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43025" - }, - { - "name" : "ADV-2011-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "ADV-2011-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0191" + }, + { + "name": "43025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43025" + }, + { + "name": "oval:org.mitre.oval:def:7589", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7589" + }, + { + "name": "GLSA-201101-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-08.xml" + }, + { + "name": "RHSA-2010:0743", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3961.json b/2010/3xxx/CVE-2010-3961.json index 193af04f2ac..efcbf5eefd8 100644 --- a/2010/3xxx/CVE-2010-3961.json +++ b/2010/3xxx/CVE-2010-3961.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka \"Consent UI Impersonation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-100", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-100" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "45318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45318" - }, - { - "name" : "69824", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69824" - }, - { - "name" : "oval:org.mitre.oval:def:12323", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12323" - }, - { - "name" : "1024882", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024882" - }, - { - "name" : "42614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42614" - }, - { - "name" : "ADV-2010-3222", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka \"Consent UI Impersonation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42614" + }, + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "oval:org.mitre.oval:def:12323", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12323" + }, + { + "name": "ADV-2010-3222", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3222" + }, + { + "name": "1024882", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024882" + }, + { + "name": "45318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45318" + }, + { + "name": "MS10-100", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-100" + }, + { + "name": "69824", + "refsource": "OSVDB", + "url": "http://osvdb.org/69824" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4014.json b/2010/4xxx/CVE-2010-4014.json index 5b91ac84e07..b43ecf84b58 100644 --- a/2010/4xxx/CVE-2010-4014.json +++ b/2010/4xxx/CVE-2010-4014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4253.json b/2010/4xxx/CVE-2010-4253.json index 8ae63711456..804ea595886 100644 --- a/2010/4xxx/CVE-2010-4253.json +++ b/2010/4xxx/CVE-2010-4253.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openoffice.org/security/cves/CVE-2010-4253.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2010-4253.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=658259", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=658259" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - }, - { - "name" : "DSA-2151", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2151" - }, - { - "name" : "GLSA-201408-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" - }, - { - "name" : "MDVSA-2011:027", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027" - }, - { - "name" : "RHSA-2011:0182", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0182.html" - }, - { - "name" : "USN-1056-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1056-1" - }, - { - "name" : "46031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46031" - }, - { - "name" : "70717", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70717" - }, - { - "name" : "1025002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025002" - }, - { - "name" : "43065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43065" - }, - { - "name" : "42999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42999" - }, - { - "name" : "43105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43105" - }, - { - "name" : "60799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60799" - }, - { - "name" : "40775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40775" - }, - { - "name" : "ADV-2011-0230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0230" - }, - { - "name" : "ADV-2011-0232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0232" - }, - { - "name" : "ADV-2011-0279", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40775" + }, + { + "name": "46031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46031" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=658259", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=658259" + }, + { + "name": "DSA-2151", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2151" + }, + { + "name": "60799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60799" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + }, + { + "name": "GLSA-201408-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2010-4253.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2010-4253.html" + }, + { + "name": "43065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43065" + }, + { + "name": "ADV-2011-0230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0230" + }, + { + "name": "70717", + "refsource": "OSVDB", + "url": "http://osvdb.org/70717" + }, + { + "name": "1025002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025002" + }, + { + "name": "ADV-2011-0232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0232" + }, + { + "name": "RHSA-2011:0182", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html" + }, + { + "name": "USN-1056-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1056-1" + }, + { + "name": "ADV-2011-0279", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0279" + }, + { + "name": "43105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43105" + }, + { + "name": "MDVSA-2011:027", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027" + }, + { + "name": "42999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42999" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4590.json b/2010/4xxx/CVE-2010-4590.json index e23874ddf7a..970a6de233c 100644 --- a/2010/4xxx/CVE-2010-4590.json +++ b/2010/4xxx/CVE-2010-4590.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27020327", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27020327" - }, - { - "name" : "IZ77536", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ77536" - }, - { - "name" : "1024871", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024871" - }, - { - "name" : "ADV-2010-3209", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ77536", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ77536" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327" + }, + { + "name": "1024871", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024871" + }, + { + "name": "ADV-2010-3209", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3209" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4826.json b/2010/4xxx/CVE-2010-4826.json index 79160197ffd..e9b859ec538 100644 --- a/2010/4xxx/CVE-2010-4826.json +++ b/2010/4xxx/CVE-2010-4826.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770", - "refsource" : "CONFIRM", - "url" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770" - }, - { - "name" : "45381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45381" - }, - { - "name" : "69794", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69794" - }, - { - "name" : "42308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42308" + }, + { + "name": "69794", + "refsource": "OSVDB", + "url": "http://osvdb.org/69794" + }, + { + "name": "45381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45381" + }, + { + "name": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770", + "refsource": "CONFIRM", + "url": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5062.json b/2011/5xxx/CVE-2011-5062.json index d8be1be8d3d..b223a314eda 100644 --- a/2011/5xxx/CVE-2011-5062.json +++ b/2011/5xxx/CVE-2011-5062.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc?view=rev&rev=1087655", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&rev=1087655" - }, - { - "name" : "http://svn.apache.org/viewvc?view=rev&rev=1158180", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&rev=1158180" - }, - { - "name" : "http://svn.apache.org/viewvc?view=rev&rev=1159309", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&rev=1159309" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "DSA-2401", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2401" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "RHSA-2011:1845", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1845.html" - }, - { - "name" : "RHSA-2012:0074", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0074.html" - }, - { - "name" : "RHSA-2012:0075", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0075.html" - }, - { - "name" : "RHSA-2012:0076", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0076.html" - }, - { - "name" : "RHSA-2012:0077", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0077.html" - }, - { - "name" : "RHSA-2012:0078", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0078.html" - }, - { - "name" : "RHSA-2012:0325", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0325.html" - }, - { - "name" : "SUSE-SU-2012:0155", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" - }, - { - "name" : "openSUSE-SU-2012:0208", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2401", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2401" + }, + { + "name": "SUSE-SU-2012:0155", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html" + }, + { + "name": "RHSA-2012:0325", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&rev=1159309", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&rev=1159309" + }, + { + "name": "RHSA-2012:0078", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html" + }, + { + "name": "RHSA-2011:1845", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&rev=1158180", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&rev=1158180" + }, + { + "name": "RHSA-2012:0075", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html" + }, + { + "name": "RHSA-2012:0074", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&rev=1087655", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&rev=1087655" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "openSUSE-SU-2012:0208", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html" + }, + { + "name": "RHSA-2012:0076", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "RHSA-2012:0077", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3535.json b/2014/3xxx/CVE-2014-3535.json index 3747c2ae4a5..65fcbffc0b5 100644 --- a/2014/3xxx/CVE-2014-3535.json +++ b/2014/3xxx/CVE-2014-3535.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=256df2f3879efdb2e9808bdb1b54b16fbb11fa38", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=256df2f3879efdb2e9808bdb1b54b16fbb11fa38" - }, - { - "name" : "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36", - "refsource" : "CONFIRM", - "url" : "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1114540", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1114540" - }, - { - "name" : "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38" - }, - { - "name" : "69721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36", + "refsource": "CONFIRM", + "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=256df2f3879efdb2e9808bdb1b54b16fbb11fa38", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=256df2f3879efdb2e9808bdb1b54b16fbb11fa38" + }, + { + "name": "69721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69721" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540" + }, + { + "name": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4173.json b/2014/4xxx/CVE-2014-4173.json index 96720f73248..d4e4a845ddf 100644 --- a/2014/4xxx/CVE-2014-4173.json +++ b/2014/4xxx/CVE-2014-4173.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4477.json b/2014/4xxx/CVE-2014-4477.json index e7dde6b8042..1df90e6ab1b 100644 --- a/2014/4xxx/CVE-2014-4477.json +++ b/2014/4xxx/CVE-2014-4477.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204243", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204243" - }, - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-01-27-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "72331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72331" - }, - { - "name" : "1031647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031647" + }, + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "http://support.apple.com/HT204243", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204243" + }, + { + "name": "72331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72331" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "APPLE-SA-2015-01-27-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8269.json b/2014/8xxx/CVE-2014-8269.json index 1fafb1ed2ab..62764609cdf 100644 --- a/2014/8xxx/CVE-2014-8269.json +++ b/2014/8xxx/CVE-2014-8269.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-8269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-423/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-423/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-424/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-424/" - }, - { - "name" : "VU#659684", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/659684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-423/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-423/" + }, + { + "name": "VU#659684", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/659684" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-424/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-424/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8825.json b/2014/8xxx/CVE-2014-8825.json index acc7b0a4fd0..73c22c4fa4f 100644 --- a/2014/8xxx/CVE-2014-8825.json +++ b/2014/8xxx/CVE-2014-8825.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - }, - { - "name" : "macosx-cve20148825-spoofing(100517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + }, + { + "name": "macosx-cve20148825-spoofing(100517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100517" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9107.json b/2014/9xxx/CVE-2014-9107.json index 3fb0a37b547..95105b58378 100644 --- a/2014/9xxx/CVE-2014-9107.json +++ b/2014/9xxx/CVE-2014-9107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9365.json b/2014/9xxx/CVE-2014-9365.json index 03f7985733f..e1fa0703733 100644 --- a/2014/9xxx/CVE-2014-9365.json +++ b/2014/9xxx/CVE-2014-9365.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141211 CVE request: Python, standard library HTTP clients", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/11/1" - }, - { - "name" : "http://bugs.python.org/issue22417", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue22417" - }, - { - "name" : "https://www.python.org/dev/peps/pep-0476/", - "refsource" : "CONFIRM", - "url" : "https://www.python.org/dev/peps/pep-0476/" - }, - { - "name" : "https://www.python.org/downloads/release/python-279/", - "refsource" : "CONFIRM", - "url" : "https://www.python.org/downloads/release/python-279/" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "GLSA-201503-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-10" - }, - { - "name" : "RHSA-2016:1166", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1166" - }, - { - "name" : "RHSA-2017:1162", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1162" - }, - { - "name" : "RHSA-2017:1868", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1868" - }, - { - "name" : "71639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1162", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1162" + }, + { + "name": "https://www.python.org/dev/peps/pep-0476/", + "refsource": "CONFIRM", + "url": "https://www.python.org/dev/peps/pep-0476/" + }, + { + "name": "71639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71639" + }, + { + "name": "RHSA-2016:1166", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1166" + }, + { + "name": "RHSA-2017:1868", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1868" + }, + { + "name": "http://bugs.python.org/issue22417", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue22417" + }, + { + "name": "GLSA-201503-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-10" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://www.python.org/downloads/release/python-279/", + "refsource": "CONFIRM", + "url": "https://www.python.org/downloads/release/python-279/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "[oss-security] 20141211 CVE request: Python, standard library HTTP clients", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/11/1" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9507.json b/2014/9xxx/CVE-2014-9507.json index eca1485549e..8d910539dac 100644 --- a/2014/9xxx/CVE-2014-9507.json +++ b/2014/9xxx/CVE-2014-9507.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html" - }, - { - "name" : "https://phabricator.wikimedia.org/T72901", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T72901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://phabricator.wikimedia.org/T72901", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T72901" + }, + { + "name": "[MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9705.json b/2014/9xxx/CVE-2014-9705.json index 5cb02975c90..64514a4c22a 100644 --- a/2014/9xxx/CVE-2014-9705.json +++ b/2014/9xxx/CVE-2014-9705.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150315 Re: CVE Request: PHP 5.6.6 changelog", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/03/15/6" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23252", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23252" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=68552", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=68552" - }, - { - "name" : "http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "DSA-3195", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3195" - }, - { - "name" : "GLSA-201606-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-10" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "MDVSA-2015:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079" - }, - { - "name" : "RHSA-2015:1135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html" - }, - { - "name" : "RHSA-2015:1053", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1053.html" - }, - { - "name" : "RHSA-2015:1066", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1066.html" - }, - { - "name" : "RHSA-2015:1218", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1218.html" - }, - { - "name" : "openSUSE-SU-2015:0644", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0868", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html" - }, - { - "name" : "USN-2535-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2535-1" - }, - { - "name" : "73031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73031" - }, - { - "name" : "1031948", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3195", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3195" + }, + { + "name": "USN-2535-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2535-1" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://bugs.php.net/bug.php?id=68552", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=68552" + }, + { + "name": "openSUSE-SU-2015:0644", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23252", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23252" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "MDVSA-2015:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "SUSE-SU-2015:0868", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html" + }, + { + "name": "http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "RHSA-2015:1135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html" + }, + { + "name": "RHSA-2015:1053", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1053.html" + }, + { + "name": "[oss-security] 20150315 Re: CVE Request: PHP 5.6.6 changelog", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/03/15/6" + }, + { + "name": "73031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73031" + }, + { + "name": "1031948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031948" + }, + { + "name": "GLSA-201606-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-10" + }, + { + "name": "RHSA-2015:1066", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html" + }, + { + "name": "RHSA-2015:1218", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9777.json b/2014/9xxx/CVE-2014-9777.json index 3448b499125..aa835045624 100644 --- a/2014/9xxx/CVE-2014-9777.json +++ b/2014/9xxx/CVE-2014-9777.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=17bfaf64ad503d2e6607d2d3e0956f25bf07eb43", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=17bfaf64ad503d2e6607d2d3e0956f25bf07eb43" - }, - { - "name" : "91628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=17bfaf64ad503d2e6607d2d3e0956f25bf07eb43", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=17bfaf64ad503d2e6607d2d3e0956f25bf07eb43" + }, + { + "name": "91628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91628" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9837.json b/2014/9xxx/CVE-2014-9837.json index df190711db5..b49d8910326 100644 --- a/2014/9xxx/CVE-2014-9837.json +++ b/2014/9xxx/CVE-2014-9837.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26682", - "refsource" : "MISC", - "url" : "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26682" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=7a7119c6fe19324ee17b8f756dae60c16e470ab2", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=7a7119c6fe19324ee17b8f756dae60c16e470ab2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26682", + "refsource": "MISC", + "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26682" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=7a7119c6fe19324ee17b8f756dae60c16e470ab2", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=7a7119c6fe19324ee17b8f756dae60c16e470ab2" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2319.json b/2016/2xxx/CVE-2016-2319.json index 4cc7146bab5..29158bd6236 100644 --- a/2016/2xxx/CVE-2016-2319.json +++ b/2016/2xxx/CVE-2016-2319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2623.json b/2016/2xxx/CVE-2016-2623.json index dd2170fa15d..6d9092a8581 100644 --- a/2016/2xxx/CVE-2016-2623.json +++ b/2016/2xxx/CVE-2016-2623.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2623", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2623", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2671.json b/2016/2xxx/CVE-2016-2671.json index eded7abb115..020bc0e0205 100644 --- a/2016/2xxx/CVE-2016-2671.json +++ b/2016/2xxx/CVE-2016-2671.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2671", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2671", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3647.json b/2016/3xxx/CVE-2016-3647.json index 80119a08381..282682f7bad 100644 --- a/2016/3xxx/CVE-2016-3647.json +++ b/2016/3xxx/CVE-2016-3647.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2016-3647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01" - }, - { - "name" : "91433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91433" - }, - { - "name" : "1036196", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01" + }, + { + "name": "1036196", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036196" + }, + { + "name": "91433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91433" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6334.json b/2016/6xxx/CVE-2016-6334.json index d6e3b2ceebe..d7b392a6ae9 100644 --- a/2016/6xxx/CVE-2016-6334.json +++ b/2016/6xxx/CVE-2016-6334.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613" - }, - { - "name" : "https://phabricator.wikimedia.org/T137264", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T137264" - }, - { - "name" : "98057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98057" + }, + { + "name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613" + }, + { + "name": "https://phabricator.wikimedia.org/T137264", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T137264" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6602.json b/2016/6xxx/CVE-2016-6602.json index 32689e1d7a8..03dd9e22106 100644 --- a/2016/6xxx/CVE-2016-6602.json +++ b/2016/6xxx/CVE-2016-6602.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539159/100/0/threaded" - }, - { - "name" : "40229", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40229/" - }, - { - "name" : "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/54" - }, - { - "name" : "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html" - }, - { - "name" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure" - }, - { - "name" : "https://blogs.securiteam.com/index.php/archives/2712", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/2712" - }, - { - "name" : "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt", - "refsource" : "MISC", - "url" : "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt" - }, - { - "name" : "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them", - "refsource" : "CONFIRM", - "url" : "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them" - }, - { - "name" : "92402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/54" + }, + { + "name": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them", + "refsource": "CONFIRM", + "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them" + }, + { + "name": "92402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92402" + }, + { + "name": "40229", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40229/" + }, + { + "name": "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded" + }, + { + "name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure" + }, + { + "name": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html" + }, + { + "name": "https://blogs.securiteam.com/index.php/archives/2712", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/2712" + }, + { + "name": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt", + "refsource": "MISC", + "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6766.json b/2016/6xxx/CVE-2016-6766.json index b99bb4628db..4e5055cc8aa 100644 --- a/2016/6xxx/CVE-2016-6766.json +++ b/2016/6xxx/CVE-2016-6766.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94688" + }, + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6935.json b/2016/6xxx/CVE-2016-6935.json index 2015d42980a..ccc75616124 100644 --- a/2016/6xxx/CVE-2016-6935.json +++ b/2016/6xxx/CVE-2016-6935.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html" - }, - { - "name" : "93489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93489" + }, + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6936.json b/2016/6xxx/CVE-2016-6936.json index 18d45e14b17..9f145e7c2d6 100644 --- a/2016/6xxx/CVE-2016-6936.json +++ b/2016/6xxx/CVE-2016-6936.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/", - "refsource" : "MISC", - "url" : "https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/" - }, - { - "name" : "https://helpx.adobe.com/security/products/air/apsb16-31.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/air/apsb16-31.html" - }, - { - "name" : "92926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92926" - }, - { - "name" : "1036792", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/air/apsb16-31.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/air/apsb16-31.html" + }, + { + "name": "92926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92926" + }, + { + "name": "1036792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036792" + }, + { + "name": "https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/", + "refsource": "MISC", + "url": "https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7042.json b/2016/7xxx/CVE-2016-7042.json index 3c804a713f8..35f6285f7b2 100644 --- a/2016/7xxx/CVE-2016-7042.json +++ b/2016/7xxx/CVE-2016-7042.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161013 kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/13/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373966", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373966" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "RHSA-2017:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2669" - }, - { - "name" : "RHSA-2017:0817", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0817.html" - }, - { - "name" : "RHSA-2017:1842", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1842" - }, - { - "name" : "RHSA-2017:2077", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2077" - }, - { - "name" : "93544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966" + }, + { + "name": "[oss-security] 20161013 kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/13/5" + }, + { + "name": "RHSA-2017:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2669" + }, + { + "name": "RHSA-2017:0817", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" + }, + { + "name": "RHSA-2017:2077", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2077" + }, + { + "name": "RHSA-2017:1842", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1842" + }, + { + "name": "93544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93544" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7327.json b/2016/7xxx/CVE-2016-7327.json index 5e408c6ff01..7c89ec066eb 100644 --- a/2016/7xxx/CVE-2016-7327.json +++ b/2016/7xxx/CVE-2016-7327.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7327", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7327", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7506.json b/2016/7xxx/CVE-2016-7506.json index 11bfb07f2a6..833e03f326c 100644 --- a/2016/7xxx/CVE-2016-7506.json +++ b/2016/7xxx/CVE-2016-7506.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.ghostscript.com/show_bug.cgi?id=697141", - "refsource" : "CONFIRM", - "url" : "http://bugs.ghostscript.com/show_bug.cgi?id=697141" - }, - { - "name" : "94241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.ghostscript.com/show_bug.cgi?id=697141", + "refsource": "CONFIRM", + "url": "http://bugs.ghostscript.com/show_bug.cgi?id=697141" + }, + { + "name": "94241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94241" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7945.json b/2016/7xxx/CVE-2016-7945.json index 93cc81cb683..32dfb257d33 100644 --- a/2016/7xxx/CVE-2016-7945.json +++ b/2016/7xxx/CVE-2016-7945.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-7945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/4" - }, - { - "name" : "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/2" - }, - { - "name" : "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5" - }, - { - "name" : "FEDORA-2016-8b122b0997", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/" - }, - { - "name" : "FEDORA-2016-cabb6d7ef7", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/" - }, - { - "name" : "GLSA-201704-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-03" - }, - { - "name" : "93364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93364" - }, - { - "name" : "1036945", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-8b122b0997", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/" + }, + { + "name": "1036945", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036945" + }, + { + "name": "GLSA-201704-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-03" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5" + }, + { + "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" + }, + { + "name": "FEDORA-2016-cabb6d7ef7", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/" + }, + { + "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4" + }, + { + "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2" + }, + { + "name": "93364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93364" + } + ] + } +} \ No newline at end of file