diff --git a/2006/0xxx/CVE-2006-0304.json b/2006/0xxx/CVE-2006-0304.json index bf891604c85..61b7cbf6636 100644 --- a/2006/0xxx/CVE-2006-0304.json +++ b/2006/0xxx/CVE-2006-0304.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/dualsbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/dualsbof-adv.txt" - }, - { - "name" : "16298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16298" - }, - { - "name" : "ADV-2006-0245", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0245" - }, - { - "name" : "1015495", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015495" - }, - { - "name" : "18486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18486" - }, - { - "name" : "dualdhcpdns-options-field-bo(24191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24191" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015495", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015495" + }, + { + "name": "http://aluigi.altervista.org/adv/dualsbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/dualsbof-adv.txt" + }, + { + "name": "16298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16298" + }, + { + "name": "ADV-2006-0245", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0245" + }, + { + "name": "dualdhcpdns-options-field-bo(24191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24191" + }, + { + "name": "18486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18486" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1138.json b/2006/1xxx/CVE-2006-1138.json index 6d8d38af67d..ad515ea4e16 100644 --- a/2006/1xxx/CVE-2006-1138.json +++ b/2006/1xxx/CVE-2006-1138.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf" - }, - { - "name" : "17014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17014" - }, - { - "name" : "ADV-2006-0857", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0857" - }, - { - "name" : "23727", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23727" - }, - { - "name" : "1015738", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015738" - }, - { - "name" : "19146", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19146" - }, - { - "name" : "xerox-web-corruption-dos(25175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf" + }, + { + "name": "ADV-2006-0857", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0857" + }, + { + "name": "19146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19146" + }, + { + "name": "xerox-web-corruption-dos(25175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25175" + }, + { + "name": "23727", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23727" + }, + { + "name": "17014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17014" + }, + { + "name": "1015738", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015738" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1408.json b/2006/1xxx/CVE-2006-1408.json index a44c6b4e652..7329e00c38c 100644 --- a/2006/1xxx/CVE-2006-1408.json +++ b/2006/1xxx/CVE-2006-1408.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/vaboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/vaboom-adv.txt" - }, - { - "name" : "17261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17261" - }, - { - "name" : "ADV-2006-1104", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1104" - }, - { - "name" : "19388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19388" - }, - { - "name" : "vavoom-fionread-dos(25454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1104", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1104" + }, + { + "name": "19388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19388" + }, + { + "name": "http://aluigi.altervista.org/adv/vaboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/vaboom-adv.txt" + }, + { + "name": "17261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17261" + }, + { + "name": "vavoom-fionread-dos(25454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25454" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1863.json b/2006/1xxx/CVE-2006-1863.json index 5cc049f2773..83ce068b9fd 100644 --- a/2006/1xxx/CVE-2006-1863.json +++ b/2006/1xxx/CVE-2006-1863.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\" sequences, a similar vulnerability to CVE-2006-1864." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.11", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.11" - }, - { - "name" : "DSA-1103", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "MDKSA-2006:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" - }, - { - "name" : "MDKSA-2006:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" - }, - { - "name" : "RHBA-2007-0304", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHBA-2007-0304.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "2006-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0024" - }, - { - "name" : "17742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17742" - }, - { - "name" : "oval:org.mitre.oval:def:10383", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10383" - }, - { - "name" : "ADV-2006-1542", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1542" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "25068", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25068" - }, - { - "name" : "19868", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19868" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "21614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21614" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "kernel-cifs-directory-traversal(26141)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\" sequences, a similar vulnerability to CVE-2006-1864." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "17742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17742" + }, + { + "name": "MDKSA-2006:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" + }, + { + "name": "oval:org.mitre.oval:def:10383", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10383" + }, + { + "name": "ADV-2006-1542", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1542" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434" + }, + { + "name": "MDKSA-2006:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" + }, + { + "name": "21614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21614" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.11", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.11" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": "RHBA-2007-0304", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHBA-2007-0304.html" + }, + { + "name": "2006-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0024" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "kernel-cifs-directory-traversal(26141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26141" + }, + { + "name": "19868", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19868" + }, + { + "name": "25068", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25068" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5229.json b/2006/5xxx/CVE-2006-5229.json index 88a149e0ee5..885494b476e 100644 --- a/2006/5xxx/CVE-2006-5229.json +++ b/2006/5xxx/CVE-2006-5229.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061009 yet another OpenSSH timing leak?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448025/100/0/threaded" - }, - { - "name" : "20061009 Re: yet another OpenSSH timing leak?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448108/100/0/threaded" - }, - { - "name" : "20061010 Re: yet another OpenSSH timing leak?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448156/100/0/threaded" - }, - { - "name" : "20061014 Re: yet another OpenSSH timing leak?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448702/100/0/threaded" - }, - { - "name" : "http://www.sybsecurity.com/hack-proventia-1.pdf", - "refsource" : "MISC", - "url" : "http://www.sybsecurity.com/hack-proventia-1.pdf" - }, - { - "name" : "20418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20418" - }, - { - "name" : "ADV-2007-2545", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2545" - }, - { - "name" : "32721", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32721" - }, - { - "name" : "25979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSH portable 4.1 on SUSE Linux, and possibly other 
platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25979" + }, + { + "name": "20061014 Re: yet another OpenSSH timing leak?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded" + }, + { + "name": "20061009 yet another OpenSSH timing leak?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded" + }, + { + "name": "20061010 Re: yet another OpenSSH timing leak?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded" + }, + { + "name": "ADV-2007-2545", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2545" + }, + { + "name": "20418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20418" + }, + { + "name": "20061009 Re: yet another OpenSSH timing leak?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded" + }, + { + "name": "32721", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32721" + }, + { + "name": "http://www.sybsecurity.com/hack-proventia-1.pdf", + "refsource": "MISC", + "url": "http://www.sybsecurity.com/hack-proventia-1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5311.json b/2006/5xxx/CVE-2006-5311.json index 3f8d3c43983..f1e380039e3 100644 
--- a/2006/5xxx/CVE-2006-5311.json +++ b/2006/5xxx/CVE-2006-5311.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 Buzlas <= v2006-1 Full Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448577/100/0/threaded" - }, - { - "name" : "20511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20511" - }, - { - "name" : "1730", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the 
phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20511" + }, + { + "name": "20061012 Buzlas <= v2006-1 Full Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448577/100/0/threaded" + }, + { + "name": "1730", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1730" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5434.json b/2006/5xxx/CVE-2006-5434.json index 465d4ae4595..7e26bc7e58d 100644 --- a/2006/5xxx/CVE-2006-5434.json +++ b/2006/5xxx/CVE-2006-5434.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2577", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2577" - }, - { - "name" : "20569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20569" - }, - { - "name" : "pnews-pnews-file-include(29587)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20569" + }, + { + "name": "pnews-pnews-file-include(29587)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29587" + }, + { + "name": "2577", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2577" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5641.json b/2006/5xxx/CVE-2006-5641.json index d7a9b15b0ea..e310a38a491 100644 --- a/2006/5xxx/CVE-2006-5641.json +++ b/2006/5xxx/CVE-2006-5641.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2683", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2683" - }, - { - "name" : "20794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20794" - }, - { - "name" : "ADV-2006-4276", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4276" - }, - { - "name" : "22598", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22598" - }, - { - "name" : "technodreamsann-main-sql-injection(29870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "technodreamsann-main-sql-injection(29870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29870" + }, + { + "name": "22598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22598" + }, + { + "name": "2683", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2683" + }, + { + "name": "ADV-2006-4276", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4276" + }, + { + "name": "20794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20794" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5759.json b/2006/5xxx/CVE-2006-5759.json index 9b826899b01..f1850aadc98 100644 --- a/2006/5xxx/CVE-2006-5759.json +++ b/2006/5xxx/CVE-2006-5759.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061104 IF-CMS multiples XSS vunerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450566/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=5", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=5" - }, - { - "name" : "1825", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1825" - }, - { - "name" : "ifcms-index-path-disclosure(30012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1825", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1825" + }, + { + "name": "20061104 IF-CMS multiples XSS vunerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450566/100/0/threaded" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=5", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=5" + }, + { + "name": "ifcms-index-path-disclosure(30012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30012" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2061.json b/2007/2xxx/CVE-2007-2061.json index ecd2fb25462..28e298d7815 100644 --- a/2007/2xxx/CVE-2007-2061.json +++ b/2007/2xxx/CVE-2007-2061.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070413 [MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465611/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls44", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls44" - }, - { - "name" : "23481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23481" - }, - { - "name" : "ADV-2007-1416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1416" - }, - { - "name" : "34974", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34974" - }, - { - "name" : "24882", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/24882" - }, - { - "name" : "2572", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2572" - }, - { - "name" : "mailbee-checklogin-xss(33645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1416" + }, + { + "name": "24882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24882" + }, + { + "name": "mailbee-checklogin-xss(33645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33645" + }, + { + "name": "20070413 [MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465611/100/0/threaded" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls44", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls44" + }, + { + "name": "2572", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2572" + }, + { + "name": "34974", + "refsource": "OSVDB", + "url": "http://osvdb.org/34974" + }, + { + "name": "23481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23481" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/2xxx/CVE-2007-2409.json b/2007/2xxx/CVE-2007-2409.json
index d7abf0f925f..b27f6d81532 100644
--- a/2007/2xxx/CVE-2007-2409.json
+++ b/2007/2xxx/CVE-2007-2409.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "1018494", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018494" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/26235" - }, - { - "name" : "macos-webcore-information-disclosure(35740)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "1018494", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018494" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "macos-webcore-information-disclosure(35740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35740" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2440.json b/2007/2xxx/CVE-2007-2440.json index be3c3b61982..1a0bb16eccb 100644 --- a/2007/2xxx/CVE-2007-2440.json +++ b/2007/2xxx/CVE-2007-2440.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a \"\\web-inf\" sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rapid7.com/advisories/R7-0029.jsp", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0029.jsp" - }, - { - "name" : "http://www.caucho.com/resin-3.1/changes/changes.xtp", - "refsource" : "CONFIRM", - "url" : "http://www.caucho.com/resin-3.1/changes/changes.xtp" - }, - { - "name" : "23985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23985" - }, - { - "name" : "ADV-2007-1824", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1824" - }, - { - "name" : "36058", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36058" - }, - { - "name" : "1018061", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1018061" - }, - { - "name" : "25286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25286" - }, - { - "name" : "resin-webinf-directory-traversal(34296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a \"\\web-inf\" sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018061", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018061" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0029.jsp", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0029.jsp" + }, + { + "name": "resin-webinf-directory-traversal(34296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34296" + }, + { + "name": "25286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25286" + }, + { + "name": "ADV-2007-1824", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1824" + }, + { + "name": "36058", + "refsource": "OSVDB", + "url": "http://osvdb.org/36058" + }, + { + "name": "23985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23985" + }, + { + "name": "http://www.caucho.com/resin-3.1/changes/changes.xtp", + "refsource": "CONFIRM", + "url": "http://www.caucho.com/resin-3.1/changes/changes.xtp" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/2xxx/CVE-2007-2475.json b/2007/2xxx/CVE-2007-2475.json
index 7cda9684e44..b1d39ea4b5b 100644
--- a/2007/2xxx/CVE-2007-2475.json
+++ b/2007/2xxx/CVE-2007-2475.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting \"users excess permissions to their own attributes.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html" - }, - { - "name" : "23547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23547" - }, - { - "name" : "ADV-2007-1436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1436" - }, - { - "name" : "35774", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35774" - }, - { - "name" : "1018006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018006" - }, - { - "name" : "25160", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/25160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting \"users excess permissions to their own attributes.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018006" + }, + { + "name": "23547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23547" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html" + }, + { + "name": "35774", + "refsource": "OSVDB", + "url": "http://osvdb.org/35774" + }, + { + "name": "ADV-2007-1436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1436" + }, + { + "name": "25160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25160" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2756.json b/2007/2xxx/CVE-2007-2756.json index c8e5a2fed32..0e31927c29d 100644 --- a/2007/2xxx/CVE-2007-2756.json +++ b/2007/2xxx/CVE-2007-2756.json 
@@ -1,372 +1,372 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.libgd.org/?do=details&task_id=86", - "refsource" : "CONFIRM", - "url" : "http://bugs.libgd.org/?do=details&task_id=86" - }, - { - "name" : "http://www.php.net/releases/5_2_3.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_3.php" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1394", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1394" - }, - { - "name" : "http://www.libgd.org/ReleaseNote020035", - "refsource" : "CONFIRM", - "url" : "http://www.libgd.org/ReleaseNote020035" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm" - }, - { - "name" : "FEDORA-2007-709", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html" - }, - { - "name" : "FEDORA-2007-2215", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html" - }, - { - "name" : "GLSA-200708-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200708-05.xml" - }, - { - "name" : "GLSA-200710-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" - }, - { - "name" : "GLSA-200711-34", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-34.xml" - }, - { - "name" : "GLSA-200805-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-13.xml" - }, - { - "name" : "HPSBUX02262", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "SSRT071447", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "MDKSA-2007:123", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:123" - }, - { - "name" : "MDKSA-2007:124", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:124" - }, - { - "name" : "MDKSA-2007:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:122" - }, - { - "name" : "MDKSA-2007:187", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187" - }, - { - "name" : "OpenPKG-SA-2007.020", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html" - }, - { - "name" : "RHSA-2007:0890", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2007-0890.html" - }, - { - "name" : "RHSA-2007:0889", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0889.html" - }, - { - "name" : "RHSA-2007:0891", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0891.html" - }, - { - "name" : "RHSA-2008:0146", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0146.html" - }, - { - "name" : "SSA:2007-152-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863" - }, - { - "name" : "SUSE-SR:2007:013", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_13_sr.html" - }, - { - "name" : "SUSE-SA:2007:044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html" - }, - { - "name" : "2007-0019", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0019/" - }, - { - "name" : "2007-0023", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0023/" - }, - { - "name" : "USN-473-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-473-1" - }, - { - "name" : "24089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24089" - }, - { - "name" : "36643", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36643" - }, - { - "name" : "35788", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35788" - }, - { - "name" : "oval:org.mitre.oval:def:10779", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10779" - }, - { - "name" : "ADV-2007-1905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1905" - }, - { - "name" : "ADV-2007-1904", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1904" - }, - { - "name" : "ADV-2007-2016", 
- "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2016" - }, - { - "name" : "ADV-2007-2336", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2336" - }, - { - "name" : "ADV-2007-3386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3386" - }, - { - "name" : "1018187", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018187" - }, - { - "name" : "25378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25378" - }, - { - "name" : "25362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25362" - }, - { - "name" : "25353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25353" - }, - { - "name" : "25535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25535" - }, - { - "name" : "25590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25590" - }, - { - "name" : "25575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25575" - }, - { - "name" : "25646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25646" - }, - { - "name" : "25658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25658" - }, - { - "name" : "25657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25657" - }, - { - "name" : "25855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25855" - }, - { - "name" : "26048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26048" - }, - { - "name" : "26231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26231" - }, - { - "name" : "26390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26390" - }, - { - "name" : "26930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26930" - }, - { - "name" : "26871", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/26871" - }, - { - "name" : "26895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26895" - }, - { - "name" : "26967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26967" - }, - { - "name" : "27037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27037" - }, - { - "name" : "27110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27110" - }, - { - "name" : "25787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25787" - }, - { - "name" : "27545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27545" - }, - { - "name" : "27102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27102" - }, - { - "name" : "29157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29157" - }, - { - "name" : "30168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30168" - }, - { - "name" : "gd-gdpngreaddata-dos(34420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26231" + }, + { + "name": "36643", + "refsource": "OSVDB", + "url": "http://osvdb.org/36643" + }, + { + "name": "1018187", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018187" + }, + { + "name": "29157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29157" + }, + { + "name": "25658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25658" + }, + { + "name": "27110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27110" + }, + { + "name": "25590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25590" + }, + { + "name": "26048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26048" + }, + { + "name": "gd-gdpngreaddata-dos(34420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34420" + }, + { + "name": "25362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25362" + }, + { + "name": "OpenPKG-SA-2007.020", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html" + }, + { + "name": "25657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25657" + }, + { + "name": "FEDORA-2007-709", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html" + }, + { + "name": "25855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25855" + }, + { + "name": "26967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26967" + }, + { + "name": "MDKSA-2007:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:122" + }, + { + "name": 
"ADV-2007-2016", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2016" + }, + { + "name": "GLSA-200805-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml" + }, + { + "name": "GLSA-200710-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" + }, + { + "name": "MDKSA-2007:123", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:123" + }, + { + "name": "24089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24089" + }, + { + "name": "http://www.libgd.org/ReleaseNote020035", + "refsource": "CONFIRM", + "url": "http://www.libgd.org/ReleaseNote020035" + }, + { + "name": "GLSA-200708-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml" + }, + { + "name": "30168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30168" + }, + { + "name": "MDKSA-2007:124", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:124" + }, + { + "name": "ADV-2007-1904", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1904" + }, + { + "name": "26930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26930" + }, + { + "name": "35788", + "refsource": "OSVDB", + "url": "http://osvdb.org/35788" + }, + { + "name": "FEDORA-2007-2215", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html" + }, + { + "name": "ADV-2007-2336", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2336" + }, + { + "name": "RHSA-2007:0889", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0889.html" + }, + { + "name": "2007-0023", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0023/" + }, + { + "name": "25353", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/25353" + }, + { + "name": "ADV-2007-3386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3386" + }, + { + "name": "http://bugs.libgd.org/?do=details&task_id=86", + "refsource": "CONFIRM", + "url": "http://bugs.libgd.org/?do=details&task_id=86" + }, + { + "name": "2007-0019", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0019/" + }, + { + "name": "27037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27037" + }, + { + "name": "SUSE-SR:2007:013", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" + }, + { + "name": "25378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25378" + }, + { + "name": "27545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27545" + }, + { + "name": "GLSA-200711-34", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm" + }, + { + "name": "SSA:2007-152-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863" + }, + { + "name": "25646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25646" + }, + { + "name": "RHSA-2008:0146", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html" + }, + { + "name": "http://www.php.net/releases/5_2_3.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_3.php" + }, + { + "name": "SSRT071447", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1394", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1394" + }, + { 
+ "name": "HPSBUX02262", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "25535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25535" + }, + { + "name": "MDKSA-2007:187", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187" + }, + { + "name": "27102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27102" + }, + { + "name": "oval:org.mitre.oval:def:10779", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10779" + }, + { + "name": "26895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26895" + }, + { + "name": "25787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25787" + }, + { + "name": "25575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25575" + }, + { + "name": "RHSA-2007:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0890.html" + }, + { + "name": "ADV-2007-1905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1905" + }, + { + "name": "26390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26390" + }, + { + "name": "RHSA-2007:0891", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0891.html" + }, + { + "name": "USN-473-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-473-1" + }, + { + "name": "26871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26871" + }, + { + "name": "SUSE-SA:2007:044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0550.json b/2010/0xxx/CVE-2010-0550.json index babef10ed3f..65cd067bf57 100644 --- a/2010/0xxx/CVE-2010-0550.json 
+++ b/2010/0xxx/CVE-2010-0550.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100127 [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509199/100/0/threaded" - }, - { - "name" : "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication" - }, - { - "name" : "62013", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62013" - }, - { - "name" : "38323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38323" - }, - { 
- "name" : "gncaster-httpbasic-weak-security(55976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100127 [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509199/100/0/threaded" + }, + { + "name": "gncaster-httpbasic-weak-security(55976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55976" + }, + { + "name": "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-geo-r-gncaster-faulty-implementation-of-http-digest-authentication" + }, + { + "name": "62013", + "refsource": "OSVDB", + "url": "http://osvdb.org/62013" + }, + { + "name": "38323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38323" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0828.json b/2010/0xxx/CVE-2010-0828.json index 93d6037d94a..147d1b6a97f 100644 --- a/2010/0xxx/CVE-2010-0828.json +++ b/2010/0xxx/CVE-2010-0828.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-0828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" - }, - { - "name" : "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=578801", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=578801" - }, - { - "name" : "DSA-2024", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2024" - }, - { - "name" : "FEDORA-2010-6012", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" - }, - { - "name" : "FEDORA-2010-6134", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" - }, - { - "name" : "FEDORA-2010-6180", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" - }, - { - "name" : "USN-925-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-925-1" - }, - { - "name" : "39110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39110" - }, - { - "name" : "39188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39188" - }, - { - "name" : "39190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39190" - }, - { - "name" : "39267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39267" - }, - { - "name" : "39284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39284" - }, - { - "name" : "ADV-2010-0767", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0767" - }, - { - "name" : "ADV-2010-0831", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0831" - }, - { - "name" : "ADV-2010-0834", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0834" - }, - { - "name" : "moinmoin-despam-xss(57435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows 
remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39267" + }, + { + "name": "ADV-2010-0767", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0767" + }, + { + "name": "39110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39110" + }, + { + "name": "moinmoin-despam-xss(57435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=578801", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" + }, + { + "name": "FEDORA-2010-6134", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" + }, + { + "name": "DSA-2024", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2024" + }, + { + "name": "ADV-2010-0834", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0834" + }, + { + "name": "39284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39284" + }, + { + "name": "FEDORA-2010-6012", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" + }, + { + "name": "39190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39190" + 
}, + { + "name": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" + }, + { + "name": "39188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39188" + }, + { + "name": "ADV-2010-0831", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0831" + }, + { + "name": "USN-925-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-925-1" + }, + { + "name": "FEDORA-2010-6180", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0930.json b/2010/0xxx/CVE-2010-0930.json index 3a27df3ce5f..9a33a8e1410 100644 --- a/2010/0xxx/CVE-2010-0930.json +++ b/2010/0xxx/CVE-2010-0930.json 
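Review bot: The `ASSIGNER` value in the CVE-2010-0828.json hunk changes from `cve@mitre.org` to `security@ubuntu.com`, and it appears to be the only changed value in a hunk that otherwise just drops the space before each colon and reorders `reference_data`, so the reassignment is easy to miss in review. The same pattern occurs in the CVE-2010-3956.json hunk, where `ASSIGNER` becomes `secure@microsoft.com`. Downstream consumers may key on record provenance, so I would land the two reassignments separately from the bulk reformat, or at least name them in the commit description, and confirm each against the CNA that owns the ID. Every file in this diff also loses its final newline (`\ No newline at end of file` follows the new `}`); keeping the trailing newline avoids spurious one-line diffs the next time the records are regenerated.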
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20100304 Perforce", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html" - }, - { - "name" : "36261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version 
number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36261" + }, + { + "name": "[dailydave] 20100304 Perforce", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0958.json b/2010/0xxx/CVE-2010-0958.json index 2c5a3a9309a..9d7b89d53e3 100644 --- a/2010/0xxx/CVE-2010-0958.json +++ b/2010/0xxx/CVE-2010-0958.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1003-exploits/tribisur-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/tribisur-lfi.txt" - }, - { - "name" : "11655", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11655" - }, - { - "name" : "38596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38596" - }, - { - "name" : "28362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1003-exploits/tribisur-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/tribisur-lfi.txt" + }, + { + "name": "28362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28362" + }, + { + "name": "11655", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11655" + }, + { + "name": "38596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38596" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1142.json b/2010/1xxx/CVE-2010-1142.json index e9cc2b21407..7526087bd9c 100644 --- a/2010/1xxx/CVE-2010-1142.json +++ b/2010/1xxx/CVE-2010-1142.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" - }, - { - "name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" - }, - { - "name" : "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt", - "refsource" : "MISC", - "url" : "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "39394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39394" - }, - { - "name" : "1023832", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023832" - }, - { - "name" : "1023833", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023833" - }, - { - "name" : "39198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39198" - }, - { - "name" : "39206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "39206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39206" + }, + { + "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" + }, + { + "name": "39394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39394" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" + }, + { + "name": 
"http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt", + "refsource": "MISC", + "url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt" + }, + { + "name": "1023833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023833" + }, + { + "name": "39198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39198" + }, + { + "name": "1023832", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023832" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3170.json b/2010/3xxx/CVE-2010-3170.json index e73c03e835d..1c70649b493 100644 --- a/2010/3xxx/CVE-2010-3170.json +++ b/2010/3xxx/CVE-2010-3170.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=578697", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=578697" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : 
"http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114250", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114250" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100120156", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100120156" - }, - { - "name" : "DSA-2123", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2123" - }, - { - "name" : "MDVSA-2010:210", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210" - }, - { - "name" : "RHSA-2010:0781", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0781.html" - }, - { - "name" : "RHSA-2010:0782", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0782.html" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "USN-1007-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1007-1" - }, - { - "name" : "oval:org.mitre.oval:def:12254", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12254" - }, - { - "name" : "41839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41839" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and 
SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "RHSA-2010:0782", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0782.html" + }, + { + "name": "MDVSA-2010:210", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:210" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "RHSA-2010:0781", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0781.html" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "USN-1007-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1007-1" + }, + { + "name": "DSA-2123", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2123" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114250", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114250" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=578697", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=578697" + }, + { + "name": 
"http://support.avaya.com/css/P8/documents/100120156", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100120156" + }, + { + "name": "oval:org.mitre.oval:def:12254", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12254" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html" + }, + { + "name": "41839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41839" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3956.json b/2010/3xxx/CVE-2010-3956.json index ed30144db40..4d9a7b87d43 100644 --- a/2010/3xxx/CVE-2010-3956.json +++ b/2010/3xxx/CVE-2010-3956.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka \"OpenType Font Index Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-091" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12357", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12357" - }, - { - "name" : "1024873", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024873" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka \"OpenType Font Index Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "1024873", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024873" + }, + { + "name": "oval:org.mitre.oval:def:12357", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12357" + }, + { + "name": "MS10-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-091" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4169.json b/2010/4xxx/CVE-2010-4169.json index 9ab686077ec..77414ea01cb 100644 --- a/2010/4xxx/CVE-2010-4169.json +++ b/2010/4xxx/CVE-2010-4169.json 
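Review bot: The one substantive edit in the CVE-2010-3956 hunk, `"ASSIGNER"` going from `cve@mitre.org` to `secure@microsoft.com`, is buried in a whole-file rewrite that also changes the colon spacing on every line and reorders `reference_data`. The four references appear to be the same on both sides, but that can only be confirmed by comparing entries by hand. The same pattern shows in the CVE-2010-4169, CVE-2014-0514, CVE-2014-0536 and CVE-2014-0877 hunks, where the assigner also changes. Consumers may treat `ASSIGNER` as the record's provenance, so I would land that change separately from the formatting pass and keep `reference_data` in a stable order, for example sorted by `refsource` and then `name`. The new side also ends at `}` with no trailing newline where the old side had one; restoring it keeps line-oriented tooling from flagging every file.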
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101115 CVE request: kernel: perf bug", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128979684911295&w=2" - }, - { - "name" : "[oss-security] 20101115 Re: CVE request: kernel: perf bug", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128984344103497&w=2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=63bfd7384b119409685a17d5c58f0b56e5dc03da", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=63bfd7384b119409685a17d5c58f0b56e5dc03da" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", - "refsource" : "CONFIRM", - 
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=651671", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=651671" - }, - { - "name" : "FEDORA-2010-18983", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" - }, - { - "name" : "RHSA-2010:0958", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html" - }, - { - "name" : "SUSE-SA:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "44861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44861" - }, - { - "name" : "42745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42745" - }, - { - "name" : "42778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42778" - }, - { - "name" : "42932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42932" - }, - { - "name" : "ADV-2010-3321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3321" - }, - { - "name" : "ADV-2011-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0012" - }, - { - "name" : "ADV-2011-0124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0124" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - }, - { - "name" : "kernel-perfeventmmap-dos(63316)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/63316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" + }, + { + "name": "42778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42778" + }, + { + "name": "44861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44861" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" + }, + { + "name": "FEDORA-2010-18983", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=63bfd7384b119409685a17d5c58f0b56e5dc03da", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=63bfd7384b119409685a17d5c58f0b56e5dc03da" + }, + { + "name": "SUSE-SA:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" + }, + { + "name": "42932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42932" + }, + { + "name": "kernel-perfeventmmap-dos(63316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63316" + }, + { + 
"name": "ADV-2011-0124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0124" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=651671", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=651671" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "ADV-2010-3321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3321" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "RHSA-2010:0958", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html" + }, + { + "name": "[oss-security] 20101115 Re: CVE request: kernel: perf bug", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128984344103497&w=2" + }, + { + "name": "[oss-security] 20101115 CVE request: kernel: perf bug", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128979684911295&w=2" + }, + { + "name": "ADV-2011-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0012" + }, + { + "name": "42745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42745" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4586.json b/2010/4xxx/CVE-2010-4586.json index 20a236bd730..30577819607 100644 --- a/2010/4xxx/CVE-2010-4586.json +++ b/2010/4xxx/CVE-2010-4586.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1100/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1100/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1100/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1100/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1100/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1100/" - }, - { - "name" : "SUSE-SR:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" - }, - { - "name" : "42653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42653" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42653" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1100/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1100/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1100/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1100/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1100/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1100/" + }, + { + "name": "SUSE-SR:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4878.json b/2010/4xxx/CVE-2010-4878.json index bfc1e2a59ff..0da5a01ffdd 100644 --- a/2010/4xxx/CVE-2010-4878.json +++ b/2010/4xxx/CVE-2010-4878.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14809", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14809", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14809" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5140.json b/2010/5xxx/CVE-2010-5140.json index 3087494d179..0c6ff92d5f0 100644 --- a/2010/5xxx/CVE-2010-5140.json +++ b/2010/5xxx/CVE-2010-5140.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bitcoin.org/smf/index.php?topic=1306.0", - "refsource" : "CONFIRM", - "url" : "http://www.bitcoin.org/smf/index.php?topic=1306.0" - }, - { - "name" : "https://en.bitcoin.it/wiki/CVEs", - "refsource" : "CONFIRM", - "url" : "https://en.bitcoin.it/wiki/CVEs" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service 
(invalid-transaction flood) by sending low-valued transactions without transaction fees." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://en.bitcoin.it/wiki/CVEs", + "refsource": "CONFIRM", + "url": "https://en.bitcoin.it/wiki/CVEs" + }, + { + "name": "http://www.bitcoin.org/smf/index.php?topic=1306.0", + "refsource": "CONFIRM", + "url": "http://www.bitcoin.org/smf/index.php?topic=1306.0" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0514.json b/2014/0xxx/CVE-2014-0514.json index 1986eb562b4..71735dc9ec8 100644 --- a/2014/0xxx/CVE-2014-0514.json +++ b/2014/0xxx/CVE-2014-0514.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140413 Adobe Reader for Android exposes insecure Javascript interfaces", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531831/100/0/threaded" - }, - { - "name" : "32884", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32884" - }, - { - "name" : "33791", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33791" - }, - { - "name" : "20140413 Adobe Reader for Android exposes insecure Javascript interfaces", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/192" - }, - { - "name" : 
"http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html", - "refsource" : "MISC", - "url" : "http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html" - }, - { - "name" : "http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html" - }, - { - "name" : "http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html" - }, - { - "name" : "66798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66798" - }, - { - "name" : "105781", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/105781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127113/Adobe-Reader-for-Android-addJavascriptInterface-Exploit.html" + }, + { + "name": "66798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66798" + }, + { + "name": "33791", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33791" + }, + { + "name": "20140413 Adobe Reader for Android exposes insecure Javascript interfaces", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531831/100/0/threaded" + }, + { + "name": "105781", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/105781" + }, + { + "name": "http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html" + }, + { + "name": "32884", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32884" + }, + { + "name": "20140413 Adobe Reader for Android exposes insecure Javascript interfaces", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/192" + }, + { + "name": "http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html", + "refsource": "MISC", + "url": "http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0536.json b/2014/0xxx/CVE-2014-0536.json index 197aee9d620..5a2d086c3f5 100644 --- a/2014/0xxx/CVE-2014-0536.json +++ b/2014/0xxx/CVE-2014-0536.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html" - }, - { - "name" : "GLSA-201406-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-17.xml" - }, - { - "name" : "RHSA-2014:0745", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0745.html" - }, - { - "name" : "SUSE-SU-2014:0806", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html" - }, - { - "name" : "openSUSE-SU-2014:0798", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html" - }, - { - "name" : "openSUSE-SU-2014:0799", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html" - }, - { - "name" : "67961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67961" - }, - { - "name" : "1030368", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030368" - }, - { - "name" : "58390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58390" - }, - { - "name" : "58465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58465" - }, - { - "name" : "58585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58585" - }, - { - "name" : "59053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59053" - }, - { - "name" : "59304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0798", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html" + }, + { + "name": "openSUSE-SU-2014:0799", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html" + }, + { + "name": "RHSA-2014:0745", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0745.html" + }, + { + "name": "59304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59304" + }, + { + "name": "67961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67961" + }, + { + "name": "59053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59053" + }, + { + "name": "58465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58465" + }, + { + "name": "1030368", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030368" + }, + { + "name": "SUSE-SU-2014:0806", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html" + }, + { + "name": "58585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58585" + }, + { + "name": "58390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58390" + }, + { + "name": "GLSA-201406-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-17.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0877.json b/2014/0xxx/CVE-2014-0877.json index ff2bb0c340a..24b23e7460d 100644 --- a/2014/0xxx/CVE-2014-0877.json +++ b/2014/0xxx/CVE-2014-0877.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682395", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682395" - }, - { - "name" : "ibm-cognos-cve20140877-sec-bypass(91064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682395", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682395" + }, + { + "name": "ibm-cognos-cve20140877-sec-bypass(91064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91064" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0987.json b/2014/0xxx/CVE-2014-0987.json index 7967e901d42..443e5acb79e 100644 --- a/2014/0xxx/CVE-2014-0987.json +++ b/2014/0xxx/CVE-2014-0987.json 
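Review bot: The `ASSIGNER` value in the CVE-2014-0877 hunk changes from `cve@mitre.org` to `psirt@us.ibm.com`, while every other changed line there appears to be a spacing-only rewrite of `"key" : ` to `"key": `. A data change to the record's assigning authority is easy to miss inside a formatting pass, so it should be named in the commit message or split into its own commit. The same applies to the CVE-2014-1243 and CVE-2014-4420 hunks (`product-security@apple.com`) and the CVE-2016-3292 hunk (`secure@microsoft.com`). Separately, the new side of each file ends with `\ No newline at end of file`; keeping a trailing newline after the closing `}` would avoid that marker reappearing in later diffs.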
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01" - }, - { - "name" : "69532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01" + }, + { + "name": "69532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69532" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1243.json b/2014/1xxx/CVE-2014-1243.json index ef3909fe83f..1fcea981a97 100644 --- a/2014/1xxx/CVE-2014-1243.json +++ b/2014/1xxx/CVE-2014-1243.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6151", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6151", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6151" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4047.json b/2014/4xxx/CVE-2014-4047.json index 7249c74b193..d9c5d4a1bc4 100644 --- a/2014/4xxx/CVE-2014-4047.json +++ b/2014/4xxx/CVE-2014-4047.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532415/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2014-007.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2014-007.html" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532415/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2014-007.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2014-007.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4420.json b/2014/4xxx/CVE-2014-4420.json index 3e93a5fbd1a..1db2c9c37a2 100644 --- a/2014/4xxx/CVE-2014-4420.json +++ b/2014/4xxx/CVE-2014-4420.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69927" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleioscve20144420-info-disc(96102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "appleioscve20144420-info-disc(96102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96102" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "69927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69927" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4574.json b/2014/4xxx/CVE-2014-4574.json index 6c9a25caad2..033ee960d9d 100644 --- a/2014/4xxx/CVE-2014-4574.json +++ b/2014/4xxx/CVE-2014-4574.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-webengage-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-webengage-a3-cross-site-scripting-xss" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=844373%40webengage&old=788585%40webengage&sfp_email=&sfph_mail=", - "refsource" : "MISC", - "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=844373%40webengage&old=788585%40webengage&sfp_email=&sfph_mail=" - }, - { - "name" : "http://wordpress.org/plugins/webengage/changelog", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/webengage/changelog" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-webengage-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-webengage-a3-cross-site-scripting-xss" + }, + { + "name": "http://wordpress.org/plugins/webengage/changelog", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/webengage/changelog" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=844373%40webengage&old=788585%40webengage&sfp_email=&sfph_mail=", + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=844373%40webengage&old=788585%40webengage&sfp_email=&sfph_mail=" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4675.json b/2014/4xxx/CVE-2014-4675.json index 618e70e4523..7d7fffd4eed 100644 --- a/2014/4xxx/CVE-2014-4675.json +++ b/2014/4xxx/CVE-2014-4675.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9373.json b/2014/9xxx/CVE-2014-9373.json index a5ebf64dc90..c9d8ede62ca 100644 --- a/2014/9xxx/CVE-2014-9373.json +++ b/2014/9xxx/CVE-2014-9373.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-422/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-422/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-422/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-422/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3292.json b/2016/3xxx/CVE-2016-3292.json index ed43c1c412c..7b318cdbb49 100644 --- a/2016/3xxx/CVE-2016-3292.json +++ b/2016/3xxx/CVE-2016-3292.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-104", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" - }, - { - "name" : "92808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92808" - }, - { - "name" : "1036788", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism 
via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92808" + }, + { + "name": "MS16-104", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" + }, + { + "name": "1036788", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036788" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3659.json b/2016/3xxx/CVE-2016-3659.json index 5d7beb73a60..b50978e6b06 100644 --- a/2016/3xxx/CVE-2016-3659.json +++ b/2016/3xxx/CVE-2016-3659.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160404 [CVE-2016-3659]Cacti graph_view.php SQL Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Apr/4" - }, - { - "name" : "http://bugs.cacti.net/view.php?id=2673", - "refsource" : "MISC", - "url" : "http://bugs.cacti.net/view.php?id=2673" - }, - { - "name" : "http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html" - }, - { - "name" : "GLSA-201607-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-05" - }, - { - "name" : "openSUSE-SU-2016:1328", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2016-05/msg00074.html" - }, - { - "name" : "85806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201607-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-05" + }, + { + "name": "http://bugs.cacti.net/view.php?id=2673", + "refsource": "MISC", + "url": "http://bugs.cacti.net/view.php?id=2673" + }, + { + "name": "20160404 [CVE-2016-3659]Cacti graph_view.php SQL Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Apr/4" + }, + { + "name": "openSUSE-SU-2016:1328", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00074.html" + }, + { + "name": "85806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85806" + }, + { + "name": "http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6267.json b/2016/6xxx/CVE-2016-6267.json index 8a0d6d68517..44a764f82e1 100644 --- a/2016/6xxx/CVE-2016-6267.json +++ b/2016/6xxx/CVE-2016-6267.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/", - "refsource" : "MISC", - "url" : "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/" - }, - { - "name" : "https://success.trendmicro.com/solution/1114913", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1114913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 
before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/", + "refsource": "MISC", + "url": "https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/" + }, + { + "name": "https://success.trendmicro.com/solution/1114913", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1114913" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6718.json b/2016/6xxx/CVE-2016-6718.json index fc629298220..3d3a373d34e 100644 --- a/2016/6xxx/CVE-2016-6718.json +++ b/2016/6xxx/CVE-2016-6718.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-30455516." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94175" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7050.json b/2016/7xxx/CVE-2016-7050.json index 57bfcfc173c..101c06d8c05 100644 --- a/2016/7xxx/CVE-2016-7050.json +++ b/2016/7xxx/CVE-2016-7050.json 
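Review bot: The `ASSIGNER` value changes from `security@google.com` to `security@android.com` in this hunk, a change of record provenance that is easy to miss because the same hunk rewrites every line for colon spacing and reorders `reference_data`. The CVE-2016-8402 hunk further down makes the same change. Consumers that attribute or filter records by assigner will see these entries move, so I would keep `"ASSIGNER": "security@google.com"` in the formatting pass and land the assigner update as its own commit with a message stating the reason. `vendor_name` still reads `Google Inc.`, which is presumably intended but worth confirming against the assigner change.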
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378613", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378613" - }, - { - "name" : "RHSA-2016:2604", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2604.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2604", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2604.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378613", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378613" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7120.json b/2016/7xxx/CVE-2016-7120.json index c334c118c97..d1848805630 100644 --- a/2016/7xxx/CVE-2016-7120.json +++ b/2016/7xxx/CVE-2016-7120.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7120", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7120", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7130.json b/2016/7xxx/CVE-2016-7130.json index ce306d8290c..d80194330c6 100644 --- a/2016/7xxx/CVE-2016-7130.json +++ b/2016/7xxx/CVE-2016-7130.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/09/02/9" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=72750", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.php.net/bug.php?id=72750" - }, - { - "name" : "https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92764" - }, - { - "name" : "1036680", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "1036680", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036680" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "92764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92764" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + }, + { + "name": "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/09/02/9" + }, + { + "name": "https://bugs.php.net/bug.php?id=72750", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=72750" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7658.json b/2016/7xxx/CVE-2016-7658.json index 36770fe93d7..88c897bf6ed 100644 --- a/2016/7xxx/CVE-2016-7658.json +++ b/2016/7xxx/CVE-2016-7658.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7923.json b/2016/7xxx/CVE-2016-7923.json index 0da3b2d5580..e7d7f578b1a 100644 --- a/2016/7xxx/CVE-2016-7923.json +++ b/2016/7xxx/CVE-2016-7923.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8022.json b/2016/8xxx/CVE-2016-8022.json index cdad6c3260e..88bdd5f1e25 100644 --- a/2016/8xxx/CVE-2016-8022.json +++ b/2016/8xxx/CVE-2016-8022.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VirusScan Enterprise Linux (VSEL)", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3 (and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass by spoofing vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VirusScan Enterprise Linux (VSEL)", + "version": { + "version_data": [ + { + "version_value": "2.0.3 (and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40911", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40911/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" - }, - { - "name" : "94823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94823" - }, - { - "name" : "1037433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037433" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass by spoofing vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94823" + }, + { + "name": "1037433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037433" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" + }, + { + "name": "40911", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40911/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8046.json b/2016/8xxx/CVE-2016-8046.json index a3e930afc32..724564a0f6a 100644 --- a/2016/8xxx/CVE-2016-8046.json +++ b/2016/8xxx/CVE-2016-8046.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8163.json b/2016/8xxx/CVE-2016-8163.json index 2bd868ed9fa..f657d582a3e 100644 --- a/2016/8xxx/CVE-2016-8163.json +++ b/2016/8xxx/CVE-2016-8163.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8163", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8163", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8402.json b/2016/8xxx/CVE-2016-8402.json index 7e736bd2b4f..a86856c3ec8 100644 --- a/2016/8xxx/CVE-2016-8402.json +++ b/2016/8xxx/CVE-2016-8402.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94686" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8989.json b/2016/8xxx/CVE-2016-8989.json index f7db1b01695..35d68907512 100644 --- a/2016/8xxx/CVE-2016-8989.json +++ b/2016/8xxx/CVE-2016-8989.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9343.json b/2016/9xxx/CVE-2016-9343.json index 0e6adc3cf27..337187fd387 100644 --- a/2016/9xxx/CVE-2016-9343.json +++ b/2016/9xxx/CVE-2016-9343.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "ID" : "CVE-2016-9343",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "ID": "CVE-2016-9343",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
- },
- {
- "name" : "95304",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95304"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
+ },
+ {
+ "name": "95304",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95304"
+ }
+ ]
+ }
+}
\ No newline at end of file