From e5683ecb068e624cf266f7f9f9a4db627fa3e7ed Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:17:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0045.json | 180 +++++++++--------- 2006/0xxx/CVE-2006-0084.json | 180 +++++++++--------- 2006/0xxx/CVE-2006-0312.json | 180 +++++++++--------- 2006/1xxx/CVE-2006-1681.json | 170 ++++++++--------- 2006/4xxx/CVE-2006-4628.json | 160 ++++++++-------- 2006/4xxx/CVE-2006-4992.json | 180 +++++++++--------- 2006/5xxx/CVE-2006-5149.json | 180 +++++++++--------- 2006/5xxx/CVE-2006-5160.json | 150 +++++++-------- 2006/5xxx/CVE-2006-5613.json | 170 ++++++++--------- 2006/5xxx/CVE-2006-5790.json | 180 +++++++++--------- 2006/5xxx/CVE-2006-5973.json | 250 ++++++++++++------------ 2010/0xxx/CVE-2010-0015.json | 230 +++++++++++----------- 2010/0xxx/CVE-2010-0581.json | 150 +++++++-------- 2010/2xxx/CVE-2010-2263.json | 150 +++++++-------- 2010/2xxx/CVE-2010-2583.json | 180 +++++++++--------- 2010/3xxx/CVE-2010-3002.json | 170 ++++++++--------- 2010/3xxx/CVE-2010-3196.json | 140 +++++++------- 2010/3xxx/CVE-2010-3536.json | 130 ++++++------- 2010/4xxx/CVE-2010-4651.json | 260 ++++++++++++------------- 2014/3xxx/CVE-2014-3135.json | 140 +++++++------- 2014/3xxx/CVE-2014-3626.json | 122 ++++++------ 2014/4xxx/CVE-2014-4060.json | 140 +++++++------- 2014/4xxx/CVE-2014-4147.json | 34 ++-- 2014/4xxx/CVE-2014-4503.json | 130 ++++++------- 2014/4xxx/CVE-2014-4544.json | 34 ++-- 2014/4xxx/CVE-2014-4789.json | 140 +++++++------- 2014/8xxx/CVE-2014-8149.json | 160 ++++++++-------- 2014/8xxx/CVE-2014-8243.json | 120 ++++++------ 2014/8xxx/CVE-2014-8386.json | 140 +++++++------- 2014/8xxx/CVE-2014-8504.json | 290 ++++++++++++++-------------- 2014/8xxx/CVE-2014-8917.json | 180 +++++++++--------- 2014/9xxx/CVE-2014-9249.json | 130 ++++++------- 2014/9xxx/CVE-2014-9314.json | 34 ++-- 2014/9xxx/CVE-2014-9426.json | 150 +++++++-------- 2014/9xxx/CVE-2014-9597.json | 160 ++++++++-------- 2016/2xxx/CVE-2016-2025.json | 130 ++++++------- 2016/2xxx/CVE-2016-2416.json | 140 +++++++------- 
2016/2xxx/CVE-2016-2935.json | 140 +++++++------- 2016/3xxx/CVE-2016-3026.json | 34 ++-- 2016/3xxx/CVE-2016-3115.json | 360 +++++++++++++++++------------------ 2016/3xxx/CVE-2016-3715.json | 310 +++++++++++++++--------------- 2016/6xxx/CVE-2016-6008.json | 34 ++-- 2016/6xxx/CVE-2016-6905.json | 200 +++++++++---------- 2016/7xxx/CVE-2016-7012.json | 140 +++++++------- 2016/7xxx/CVE-2016-7319.json | 34 ++-- 2016/7xxx/CVE-2016-7537.json | 170 ++++++++--------- 2016/7xxx/CVE-2016-7841.json | 130 ++++++------- 2016/7xxx/CVE-2016-7930.json | 170 ++++++++--------- 48 files changed, 3743 insertions(+), 3743 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0045.json b/2006/0xxx/CVE-2006-0045.json
index 71dafbd98de..b3a4afc5f14 100644
--- a/2006/0xxx/CVE-2006-0045.json
+++ b/2006/0xxx/CVE-2006-0045.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-949", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-949" - }, - { - "name" : "16337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16337" - }, - { - "name" : "ADV-2006-0303", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0303" - }, - { - "name" : "22690", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22690" - }, - { - "name" : "18545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18545" - }, - { - "name" : "18573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18573" - }, - { - "name" : "crawl-insecure-command-execution(24262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24262" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22690", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22690" + }, + { + "name": "18545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18545" + }, + { + "name": "DSA-949", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-949" + }, + { + "name": "16337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16337" + }, + { + "name": "ADV-2006-0303", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0303" + }, + { + "name": "18573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18573" + }, + { + "name": "crawl-insecure-command-execution(24262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24262" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0084.json b/2006/0xxx/CVE-2006-0084.json index 06e56f1bf1c..18a5deddba8 100644 --- a/2006/0xxx/CVE-2006-0084.json +++ b/2006/0xxx/CVE-2006-0084.json 
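Review bot: The one semantic change in this hunk, `"ASSIGNER" : "cve@mitre.org"` becoming `"ASSIGNER": "security@debian.org"`, is buried in a whole-file re-indentation and a reordering of the `reference_data` entries, and the commit subject does not mention it. A change of assigning authority alters the record's provenance, so it would be easier to audit if formatting-only rewrites were committed separately from field changes. The new side also ends without a final newline (`\ No newline at end of file`), as do the other file sections visible in this patch; keeping the trailing newline would avoid a spurious last-line change on the next sync.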
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-January/000486.html" - }, - { - "name" : "http://evuln.com/vulns/13/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/13/summary.html" - }, - { - "name" : "16138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16138" - }, - { - "name" : "ADV-2006-0030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0030" - }, - { - "name" : "22198", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22198" - }, - { - "name" : "1015432", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1015432" - }, - { - "name" : "18292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0030" + }, + { + "name": "16138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16138" + }, + { + "name": "1015432", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015432" + }, + { + "name": "22198", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22198" + }, + { + "name": "20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-January/000486.html" + }, + { + "name": "http://evuln.com/vulns/13/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/13/summary.html" + }, + { + "name": "18292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18292" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0312.json b/2006/0xxx/CVE-2006-0312.json index 46b6b87c067..4c3e44b1edc 100644 --- a/2006/0xxx/CVE-2006-0312.json +++ b/2006/0xxx/CVE-2006-0312.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 [eVuln] aoblogger Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html" - }, - { - "name" : "http://evuln.com/vulns/37/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/37/summary.html" - }, - { - "name" : "http://mikeheltonisawesome.com/viewcomments.php?idd=46", - "refsource" : "CONFIRM", - "url" : "http://mikeheltonisawesome.com/viewcomments.php?idd=46" - }, - { - "name" : "16286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16286" - }, - { - "name" : "ADV-2006-0240", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0240" - }, - { - "name" : "16889", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/16889" - }, - { - "name" : "aoblogger-create-security-bypass(24143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16889" + }, + { + "name": "aoblogger-create-security-bypass(24143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24143" + }, + { + "name": "ADV-2006-0240", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0240" + }, + { + "name": "20060117 [eVuln] aoblogger Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html" + }, + { + "name": "http://mikeheltonisawesome.com/viewcomments.php?idd=46", + "refsource": "CONFIRM", + "url": "http://mikeheltonisawesome.com/viewcomments.php?idd=46" + }, + { + "name": "http://evuln.com/vulns/37/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/37/summary.html" + }, + { + "name": "16286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16286" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1681.json b/2006/1xxx/CVE-2006-1681.json index e0e2e750356..d1373ec027c 100644 --- a/2006/1xxx/CVE-2006-1681.json +++ b/2006/1xxx/CVE-2006-1681.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060406 XSS Bug in Cherokee Webserver", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430385/100/0/threaded" - }, - { - "name" : "17408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17408" - }, - { - "name" : "ADV-2006-1292", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1292" - }, - { - "name" : "24469", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24469" - }, - { - "name" : "19587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19587" - }, - { - "name" : "cherokee-handlererror-xss(25698)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060406 XSS Bug in Cherokee Webserver", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430385/100/0/threaded" + }, + { + "name": "17408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17408" + }, + { + "name": "19587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19587" + }, + { + "name": "ADV-2006-1292", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1292" + }, + { + "name": "cherokee-handlererror-xss(25698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25698" + }, + { + "name": "24469", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24469" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4628.json b/2006/4xxx/CVE-2006-4628.json index 44aaaa8582a..870517f7d9e 100644 --- a/2006/4xxx/CVE-2006-4628.json +++ b/2006/4xxx/CVE-2006-4628.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=445066", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=445066" - }, - { - "name" : "19871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19871" - }, - { - "name" : "ADV-2006-3481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3481" - }, - { - "name" : "21781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21781" - }, - { - "name" : "vcddb-comment-xss(28764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vcddb-comment-xss(28764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28764" + }, + { + "name": "ADV-2006-3481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3481" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=445066", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=445066" + }, + { + "name": "21781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21781" + }, + { + "name": "19871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19871" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4992.json b/2006/4xxx/CVE-2006-4992.json index 58bf6c5ea89..cee0f654793 100644 --- a/2006/4xxx/CVE-2006-4992.json +++ b/2006/4xxx/CVE-2006-4992.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.babilonics.com/?q=node/1802", - "refsource" : "MISC", - "url" : "http://www.babilonics.com/?q=node/1802" - }, - { - "name" : "http://forum.joomla.org/index.php/topic,79477.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,79477.0.html" - }, - { - "name" : "http://forum.joomla.org/index.php/topic,81064.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,81064.0.html" - }, - { - "name" : "19209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19209" - }, - { - "name" : "28997", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28997" - 
}, - { - "name" : "28998", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28998" - }, - { - "name" : "28999", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19209" + }, + { + "name": "http://forum.joomla.org/index.php/topic,81064.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,81064.0.html" + }, + { + "name": "http://forum.joomla.org/index.php/topic,79477.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,79477.0.html" + }, + { + "name": "28998", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28998" + }, + { + "name": "http://www.babilonics.com/?q=node/1802", + "refsource": "MISC", + "url": "http://www.babilonics.com/?q=node/1802" + }, + { + "name": "28999", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28999" + }, + { + "name": "28997", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28997" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5149.json b/2006/5xxx/CVE-2006-5149.json index 86f880070db..3e17b64fb57 100644 --- a/2006/5xxx/CVE-2006-5149.json +++ b/2006/5xxx/CVE-2006-5149.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485588/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=451780", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=451780" - }, - { - "name" : "20301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20301" - }, - { - "name" : "27053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27053" - }, - { - "name" : "ADV-2006-3867", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3867" - }, - { - "name" : "22238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22238" - }, - { - "name" : "openbiblio-shared-file-include(29316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3867", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3867" + }, + { + "name": "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485588/100/0/threaded" + }, + { + "name": "22238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22238" + }, + { + "name": "27053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27053" + }, + { + "name": "openbiblio-shared-file-include(29316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29316" + }, + { + "name": "20301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20301" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=451780", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=451780" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/5xxx/CVE-2006-5160.json b/2006/5xxx/CVE-2006-5160.json
index d97d2efdd1b..c5b64a0a9dc 100644
--- a/2006/5xxx/CVE-2006-5160.json
+++ b/2006/5xxx/CVE-2006-5160.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that \"I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447493/100/0/threaded" - }, - { - "name" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/", - "refsource" : "MISC", - "url" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/" - }, - { - "name" : 
"http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html", - "refsource" : "MISC", - "url" : "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html" - }, - { - "name" : "20294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that \"I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/", + "refsource": "MISC", + "url": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/" + }, + { + "name": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html", + "refsource": "MISC", + "url": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html" + }, + { + "name": "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447493/100/0/threaded" + }, + { + "name": "20294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20294" + } + ] + } +} \ No newline at 
end of file diff --git a/2006/5xxx/CVE-2006-5613.json b/2006/5xxx/CVE-2006-5613.json index d5e1ce6da95..e502f7d61b6 100644 --- a/2006/5xxx/CVE-2006-5613.json +++ b/2006/5xxx/CVE-2006-5613.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2666", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2666" - }, - { - "name" : "20783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20783" - }, - { - "name" : "ADV-2006-4230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4230" - }, - { - "name" : "30110", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30110" - }, - { - "name" : "22605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22605" - }, - { - "name" : "mp3sds-core-file-include(29888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29888" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2666", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2666" + }, + { + "name": "20783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20783" + }, + { + "name": "mp3sds-core-file-include(29888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29888" + }, + { + "name": "30110", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30110" + }, + { + "name": "22605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22605" + }, + { + "name": "ADV-2006-4230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4230" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5790.json b/2006/5xxx/CVE-2006-5790.json index 115204c1457..323e6a87751 100644 --- a/2006/5xxx/CVE-2006-5790.json +++ b/2006/5xxx/CVE-2006-5790.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016" - }, - { - "name" : "DSA-1242", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1242" - }, - { - "name" : "20876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20876" - }, - { - "name" : "ADV-2006-4315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4315" - }, - { - 
"name" : "22638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22638" - }, - { - "name" : "23580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23580" - }, - { - "name" : "elog-elsubmit-format-string(29987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23580" + }, + { + "name": "DSA-1242", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1242" + }, + { + "name": "20876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20876" + }, + { + "name": "elog-elsubmit-format-string(29987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29987" + }, + { + "name": "22638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22638" + }, + { + "name": "ADV-2006-4315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4315" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016" + } + ] + } +} \ No newline at 
end of file diff --git a/2006/5xxx/CVE-2006-5973.json b/2006/5xxx/CVE-2006-5973.json index bc7769470ed..c51a4bead42 100644 --- a/2006/5xxx/CVE-2006-5973.json +++ b/2006/5xxx/CVE-2006-5973.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to \"yes,\" allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 Dovecot IMAP/POP3 server: Off-by-one buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452081/100/0/threaded" - }, - { - "name" : "[Dovecot-news] 20091119 1.0.rc15 released", - "refsource" : "MLIST", - "url" : "http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html" - }, - { - "name" : "[Dovecot-news] 20061119 Security hole #2: Off-by-one buffer overflow with mmap_disable=yes", - "refsource" : "MLIST", - "url" : "http://dovecot.org/list/dovecot-news/2006-November/000023.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-802", - "refsource" : 
"CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-802" - }, - { - "name" : "SUSE-SA:2006:073", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_73_mono.html" - }, - { - "name" : "USN-387-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-387-1" - }, - { - "name" : "21183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21183/info" - }, - { - "name" : "ADV-2006-4614", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4614" - }, - { - "name" : "1017288", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017288" - }, - { - "name" : "23007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23007" - }, - { - "name" : "23150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23150" - }, - { - "name" : "23172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23172" - }, - { - "name" : "23213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23213" - }, - { - "name" : "dovecot-indexcache-bo(30433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to \"yes,\" allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Dovecot-news] 20091119 1.0.rc15 released", + "refsource": "MLIST", + "url": "http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html" + }, + { + "name": "USN-387-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-387-1" + }, + { + "name": "23150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23150" + }, + { + "name": "SUSE-SA:2006:073", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html" + }, + { + "name": "23007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23007" + }, + { + "name": "23172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23172" + }, + { + "name": "dovecot-indexcache-bo(30433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30433" + }, + { + "name": "20061119 Dovecot IMAP/POP3 server: Off-by-one buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452081/100/0/threaded" + }, + { + "name": "[Dovecot-news] 20061119 Security hole #2: Off-by-one buffer overflow with mmap_disable=yes", + "refsource": "MLIST", + "url": "http://dovecot.org/list/dovecot-news/2006-November/000023.html" + }, + { + "name": "23213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23213" + }, + { + "name": "1017288", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017288" + }, + { + "name": "ADV-2006-4614", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4614" + }, + { + "name": "21183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21183/info" + }, + { + "name": "https://issues.rpath.com/browse/RPL-802", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-802" + } + 
] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0015.json b/2010/0xxx/CVE-2010-0015.json index 45523fc0282..1e6e89ae5c5 100644 --- a/2010/0xxx/CVE-2010-0015.json +++ b/2010/0xxx/CVE-2010-0015.json 
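Review bot: The MLIST reference for the 1.0.rc15 release in the new `reference_data` array of CVE-2006-5973.json is named `[Dovecot-news] 20091119 1.0.rc15 released`, but its URL sits under `dovecot-news/2006-November/` and the sibling Dovecot-news entry in the same array is dated 20061119. The 2009 in the name therefore looks like a typo, carried over unchanged from the old side. If the list archive confirms the date, the line should read `"name": "[Dovecot-news] 20061119 1.0.rc15 released"`. Any consumer that parses the date prefix of MLIST names to order or de-duplicate references would otherwise place this entry three years after the advisory it belongs to.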
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100107 CVE id request: GNU libc: NIS shadow password leakage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/07/3" - }, - { - "name" : "[oss-security] 20100108 Re: CVE id request: GNU libc: NIS shadow password leakage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/08/1" - }, - { - "name" : "[oss-security] 20100109 Re: CVE id request: GNU libc: NIS shadow password leakage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/08/2" - }, - { - "name" : "[oss-security] 20100111 Re: CVE 
id request: GNU libc: NIS shadow password leakage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/11/6" - }, - { - "name" : "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126320570505651&w=2" - }, - { - "name" : "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126320356003425&w=2" - }, - { - "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", - "refsource" : "MISC", - "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11134" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333" - }, - { - "name" : "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup", - "refsource" : "CONFIRM", - "url" : "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup" - }, - { - "name" : "MDVSA-2010:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" - }, - { - "name" : "MDVSA-2010:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" - }, - { - "name" : "SUSE-SA:2010:052", - "refsource" : "SUSE", - "url" : "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, 
which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" + }, + { + "name": "[oss-security] 20100109 Re: CVE id request: GNU libc: NIS shadow password leakage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/08/2" + }, + { + "name": "[oss-security] 20100107 CVE id request: GNU libc: NIS shadow password leakage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/07/3" + }, + { + "name": "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/11/6" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333" + }, + { + "name": "[oss-security] 20100108 Re: CVE id request: GNU libc: NIS shadow password leakage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/08/1" + }, + { + "name": "SUSE-SA:2010:052", + "refsource": "SUSE", + "url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" + }, + { + "name": "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup", + "refsource": "CONFIRM", + "url": "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup" + }, + { + "name": "MDVSA-2010:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" + }, + { + 
"name": "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126320570505651&w=2" + }, + { + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", + "refsource": "MISC", + "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11134" + }, + { + "name": "[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126320356003425&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0581.json b/2010/0xxx/CVE-2010-0581.json index e0d54de263c..9451620f335 100644 --- a/2010/0xxx/CVE-2010-0581.json +++ b/2010/0xxx/CVE-2010-0581.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the \"SIP Packet Parsing Arbitrary Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065" - }, - { - "name" : "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml" - }, - { - "name" : "1023744", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023744" - }, - { - "name" : "39068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39068" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the \"SIP Packet Parsing Arbitrary Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023744", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023744" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20065" + }, + { + "name": "39068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39068" + }, + { + "name": "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2263.json b/2010/2xxx/CVE-2010-2263.json index c956b68c289..6b482c689ca 100644 --- a/2010/2xxx/CVE-2010-2263.json +++ b/2010/2xxx/CVE-2010-2263.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13822", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13822" - }, - { - "name" : "13818", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13818" - }, - { - "name" : "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html", - "refsource" : "MISC", - "url" : "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html" - }, - { - "name" : "40760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nginx 0.8 
before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13818", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13818" + }, + { + "name": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html", + "refsource": "MISC", + "url": "http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html" + }, + { + "name": "13822", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13822" + }, + { + "name": "40760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40760" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2583.json b/2010/2xxx/CVE-2010-2583.json index 5bee63f4355..16009f82363 100644 --- a/2010/2xxx/CVE-2010-2583.json +++ b/2010/2xxx/CVE-2010-2583.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-2583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101029 Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514561/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-117/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-117/" - }, - { - "name" : "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt", - "refsource" : "CONFIRM", - "url" : "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt" - }, - { - "name" : "44535", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/44535" - }, - { - "name" : "1024666", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024666" - }, - { - "name" : "41644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41644" - }, - { - "name" : "sonicwall-activex-bo(62865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024666", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024666" + }, + { + "name": "http://secunia.com/secunia_research/2010-117/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-117/" + }, + { + "name": "20101029 Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514561/100/0/threaded" + }, + { + "name": "41644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41644" + }, + { + "name": "sonicwall-activex-bo(62865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62865" + }, + { + "name": "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt", + "refsource": "CONFIRM", + "url": "http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt" + }, + { + "name": 
"44535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44535" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3002.json b/2010/3xxx/CVE-2010-3002.json index 7d09fbf23e8..d7bc69a984b 100644 --- a/2010/3xxx/CVE-2010-3002.json +++ b/2010/3xxx/CVE-2010-3002.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/08262010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/08262010_player/en/" - }, - { - "name" : "oval:org.mitre.oval:def:7227", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7227" - }, - { - "name" : "1024370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024370" - }, - { - "name" : "41154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41154" - }, - { - "name" : "ADV-2010-2216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2216" - }, - { - "name" : "realplayer-activex-unauth-access(61426)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2216" + }, + { + "name": "http://service.real.com/realplayer/security/08262010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/08262010_player/en/" + }, + { + "name": "realplayer-activex-unauth-access(61426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61426" + }, + { + "name": "1024370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024370" + }, + { + "name": "41154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41154" + }, + { + "name": "oval:org.mitre.oval:def:7227", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7227" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3196.json b/2010/3xxx/CVE-2010-3196.json index 42173dc6fc8..8d2a7371a3b 100644 --- a/2010/3xxx/CVE-2010-3196.json +++ b/2010/3xxx/CVE-2010-3196.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" - }, - { - "name" : "IC67008", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008" - }, - { - "name" : "oval:org.mitre.oval:def:14472", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a 
denial of service (loss of privileges) to a view owner by defining a dependent view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" + }, + { + "name": "IC67008", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67008" + }, + { + "name": "oval:org.mitre.oval:def:14472", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14472" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3536.json b/2010/3xxx/CVE-2010-3536.json index 3e5c889924b..eedf56ab552 100644 --- a/2010/3xxx/CVE-2010-3536.json +++ b/2010/3xxx/CVE-2010-3536.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote 
authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4651.json b/2010/4xxx/CVE-2010-4651.json index 1de3c5bd3c1..e453e4a2ae4 100644 --- a/2010/4xxx/CVE-2010-4651.json +++ b/2010/4xxx/CVE-2010-4651.json 
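Review bot: The new `CVE_data_meta` sets `"ASSIGNER": "secalert_us@oracle.com"`, but `affects` still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, so the affected product is recorded only in the free-text description. Consumers that match advisories against an asset inventory by the structured vendor/product fields will presumably miss this record unless they parse the description string. Filling those fields from what the description already states (Oracle PeopleSoft and JDEdwards Suite, with the three listed bundles) would close that gap. The CVE-2010-4651 and CVE-2014-4060 hunks change `ASSIGNER` the same way and also leave `affects` as `n/a`.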
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd)", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html" - }, - { - "name" : "[oss-security] 20110105 CVE request: patch directory traversal flaw", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/05/10" - }, - { - "name" : "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/06/20" - }, - { - "name" : "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", - 
"refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/06/21" - }, - { - "name" : "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/06/19" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667529", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667529" - }, - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "FEDORA-2011-1269", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html" - }, - { - "name" : "FEDORA-2011-1272", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html" - }, - { - "name" : "46768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46768" - }, - { - "name" : "43663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43663" - }, - { - "name" : "43677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43677" - }, - { - "name" : "ADV-2011-0600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted 
remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0600", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0600" + }, + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/06/20" + }, + { + "name": "46768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46768" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/06/21" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667529", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667529" + }, + { + "name": "FEDORA-2011-1269", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html" + }, + { + "name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/06/19" + }, + { + "name": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1" + }, + { + "name": "43677", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/43677" + }, + { + "name": "FEDORA-2011-1272", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html" + }, + { + "name": "[oss-security] 20110105 CVE request: patch directory traversal flaw", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/05/10" + }, + { + "name": "[bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd)", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html" + }, + { + "name": "43663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43663" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3135.json b/2014/3xxx/CVE-2014-3135.json index cfa174aceb6..202fe3d7973 100644 --- a/2014/3xxx/CVE-2014-3135.json +++ b/2014/3xxx/CVE-2014-3135.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html" - }, - { - "name" : "66972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66972" - }, - { - "name" : "vbulletin-multiple-scripts-xss(92664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92664" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html" + }, + { + "name": "66972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66972" + }, + { + "name": "vbulletin-multiple-scripts-xss(92664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92664" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3626.json b/2014/3xxx/CVE-2014-3626.json index ec5b8d9824c..51de7221fab 100644 --- a/2014/3xxx/CVE-2014-3626.json +++ b/2014/3xxx/CVE-2014-3626.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2017-05-25T00:00:00", - "ID" : "CVE-2014-3626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Grails by Pivotal", - "version" : { - "version_data" : [ - { - "version_value" : "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. 
Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2017-05-25T00:00:00", + "ID": "CVE-2014-3626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Grails by Pivotal", + "version": { + "version_data": [ + { + "version_value": "Resources plugin versions 1.2.0 - 1.2.12. Earlier versions may also be affected but were not assessed" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2014-3626", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2014-3626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. 
the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2014-3626", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2014-3626" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4060.json b/2014/4xxx/CVE-2014-4060.json index 0314ad3a049..83d38eefc94 100644 --- a/2014/4xxx/CVE-2014-4060.json +++ b/2014/4xxx/CVE-2014-4060.json 
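Review bot: The description string on the new side still reads `were found not not be vulnerable`; it should be `were found not to be vulnerable`. This is the sentence that tells operators which servlet containers are exposed, so the wording matters. The same string notes that other JBoss versions were not tested and that other containers may be exposed, so readers should treat containers it does not list as unassessed rather than safe.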
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka \"CSyncBasePlayer Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043" - }, - { - "name" : "69093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69093" - }, - { - "name" : "60671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in MCPlayer.dll in Microsoft 
Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka \"CSyncBasePlayer Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043" + }, + { + "name": "69093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69093" + }, + { + "name": "60671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60671" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4147.json b/2014/4xxx/CVE-2014-4147.json index 6a6bc84783f..007e3a33d18 100644 --- a/2014/4xxx/CVE-2014-4147.json +++ b/2014/4xxx/CVE-2014-4147.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4147", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4147", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4503.json b/2014/4xxx/CVE-2014-4503.json index db20d8e3285..455ee5e6bb9 100644 --- a/2014/4xxx/CVE-2014-4503.json +++ b/2014/4xxx/CVE-2014-4503.json 
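Review bot: This record is serialized with a different key order from the rest of the patch. The new side opens with `data_type`, `data_format`, `data_version` and puts `ID` before `ASSIGNER`, while CVE-2014-4544 and the other records here open with `CVE_data_meta` and keep keys alphabetical. JSON parsers ignore the order, but tooling that hashes, signs or diffs these files byte-for-byte may see spurious changes if a later sync re-sorts the record. Emitting every record through one serializer with sorted keys would keep the output stable. A final newline after the closing `}` would also remove the `\ No newline at end of file` marker that each file in this patch now carries.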
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/120" - }, - { - "name" : "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c", - "refsource" : "CONFIRM", - "url" : "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parse_notify function in 
util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/120" + }, + { + "name": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c", + "refsource": "CONFIRM", + "url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4544.json b/2014/4xxx/CVE-2014-4544.json index f853ed2adff..702b6a5b5d9 100644 --- a/2014/4xxx/CVE-2014-4544.json +++ b/2014/4xxx/CVE-2014-4544.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4544", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4544", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4789.json b/2014/4xxx/CVE-2014-4789.json index 403eda08c61..5f9c8075695 100644 --- a/2014/4xxx/CVE-2014-4789.json +++ b/2014/4xxx/CVE-2014-4789.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450" - }, - { - "name" : "60996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60996" - }, - { - "name" : "ibm-imds-cve20144789-fixation(95059)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 
9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450" + }, + { + "name": "60996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60996" + }, + { + "name": "ibm-imds-cve20144789-fixation(95059)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8149.json b/2014/8xxx/CVE-2014-8149.json index 9625e07edff..9010c4eb24d 100644 --- a/2014/8xxx/CVE-2014-8149.json +++ b/2014/8xxx/CVE-2014-8149.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150122 Defense4all security advisory: CVE-2014-8149 users can export report data to an arbitrary file on the server's filesystem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/22/1" - }, - { - "name" : "https://git.opendaylight.org/gerrit/#/c/13972/", - "refsource" : "CONFIRM", - "url" : "https://git.opendaylight.org/gerrit/#/c/13972/" - }, - { - "name" : "https://git.opendaylight.org/gerrit/#/c/14088/", - "refsource" : "CONFIRM", - "url" : "https://git.opendaylight.org/gerrit/#/c/14088/" - }, - { - "name" : "https://wiki.opendaylight.org/view/Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://wiki.opendaylight.org/view/Security_Advisories" - }, - { - "name" : "72280", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/72280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72280" + }, + { + "name": "https://git.opendaylight.org/gerrit/#/c/14088/", + "refsource": "CONFIRM", + "url": "https://git.opendaylight.org/gerrit/#/c/14088/" + }, + { + "name": "https://git.opendaylight.org/gerrit/#/c/13972/", + "refsource": "CONFIRM", + "url": "https://git.opendaylight.org/gerrit/#/c/13972/" + }, + { + "name": "https://wiki.opendaylight.org/view/Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.opendaylight.org/view/Security_Advisories" + }, + { + "name": "[oss-security] 20150122 Defense4all security advisory: CVE-2014-8149 users can export report data to an arbitrary file on the server's filesystem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/22/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8243.json b/2014/8xxx/CVE-2014-8243.json index a49bcb40aca..fb8fa90adba 100644 --- a/2014/8xxx/CVE-2014-8243.json +++ b/2014/8xxx/CVE-2014-8243.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-8243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#447516", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/447516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 
161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#447516", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/447516" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8386.json b/2014/8xxx/CVE-2014-8386.json index 6708b8480fb..f2824370774 100644 --- a/2014/8xxx/CVE-2014-8386.json +++ b/2014/8xxx/CVE-2014-8386.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35503", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35503" - }, - { - "name" : "20141119 [CORE-2014-0008] - Advantech AdamView Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/57" - }, - { - "name" : "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Advantech AdamView 4.3 and 
earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141119 [CORE-2014-0008] - Advantech AdamView Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/57" + }, + { + "name": "35503", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35503" + }, + { + "name": "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8504.json b/2014/8xxx/CVE-2014-8504.json index aca776fd0ed..1e8573e7ec2 100644 --- a/2014/8xxx/CVE-2014-8504.json +++ b/2014/8xxx/CVE-2014-8504.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141027 Re: Re: strings / libbfd crasher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/27/5" - }, - { - "name" : "[oss-security] 20141027 Re: Re: strings / libbfd crasher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/27/4" - }, - { - "name" : "[oss-security] 20141031 Re: strings / libbfd crasher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/31/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162621", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1162621" - }, - { - "name" : 
"https://sourceware.org/bugzilla/show_bug.cgi?id=17510", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17510" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0" - }, - { - "name" : "FEDORA-2014-14838", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html" - }, - { - "name" : "FEDORA-2014-14963", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html" - }, - { - "name" : "FEDORA-2014-14995", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html" - }, - { - "name" : "FEDORA-2014-17586", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html" - }, - { - "name" : "FEDORA-2014-17603", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html" - }, - { - "name" : "FEDORA-2015-0471", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html" - }, - { - "name" : "GLSA-201612-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-24" - }, - { - "name" : "MDVSA-2015:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029" - }, - { - "name" : "USN-2496-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2496-1" - }, - { - "name" : "70761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70761" - }, - { - "name" : "62241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62241" - }, - { - "name" : "62746", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1162621", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162621" + }, + { + "name": "62241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62241" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17510", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17510" + }, + { + "name": "MDVSA-2015:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029" + }, + { + "name": "USN-2496-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2496-1" + }, + { + "name": "FEDORA-2014-14995", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html" + }, + { + "name": "[oss-security] 20141027 Re: Re: strings / libbfd crasher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/27/5" + }, + { + "name": "FEDORA-2014-17603", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html" + }, + { + "name": "FEDORA-2014-14963", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html" + }, + { + "name": 
"FEDORA-2015-0471", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html" + }, + { + "name": "62746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62746" + }, + { + "name": "[oss-security] 20141027 Re: Re: strings / libbfd crasher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/27/4" + }, + { + "name": "[oss-security] 20141031 Re: strings / libbfd crasher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/31/1" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0" + }, + { + "name": "FEDORA-2014-14838", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html" + }, + { + "name": "FEDORA-2014-17586", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html" + }, + { + "name": "70761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70761" + }, + { + "name": "GLSA-201612-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-24" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8917.json b/2014/8xxx/CVE-2014-8917.json index 72fc41b6454..dece30af8e3 100644 --- a/2014/8xxx/CVE-2014-8917.json +++ b/2014/8xxx/CVE-2014-8917.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694693", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694693" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696013", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696013" - }, - { - "name" : "72903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72903" - }, - { - "name" : "1032376", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1032376" - }, - { - "name" : "62590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62590" - }, - { - "name" : "62837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62837" - }, - { - "name" : "ibm-dojo-cve20148917-xss(99303)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62590" + }, + { + "name": "ibm-dojo-cve20148917-xss(99303)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99303" + }, + { + "name": "62837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62837" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696013", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696013" + }, + { + "name": "1032376", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032376" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694693", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694693" + }, + { + "name": "72903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72903" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9249.json b/2014/9xxx/CVE-2014-9249.json index 3de2eb59e96..1b1f4938915 100644 --- a/2014/9xxx/CVE-2014-9249.json +++ b/2014/9xxx/CVE-2014-9249.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-9249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9314.json b/2014/9xxx/CVE-2014-9314.json index 3547ebabd91..1331398da5d 100644 --- a/2014/9xxx/CVE-2014-9314.json +++ b/2014/9xxx/CVE-2014-9314.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9314", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9314", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9426.json b/2014/9xxx/CVE-2014-9426.json index a870fc9fbc1..8faf9715821 100644 --- a/2014/9xxx/CVE-2014-9426.json +++ b/2014/9xxx/CVE-2014-9426.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191" - }, - { - "name" 
: "https://bugs.php.net/bug.php?id=68665", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=68665" - }, - { - "name" : "openSUSE-SU-2015:0325", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09" + }, + { + "name": "openSUSE-SU-2015:0325", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=68665", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=68665" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=ef89ab2f99fbd9b7b714556d4f1f50644eb54191" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9597.json b/2014/9xxx/CVE-2014-9597.json index a5f09aa6730..526d3df984d 100644 
--- a/2014/9xxx/CVE-2014-9597.json +++ b/2014/9xxx/CVE-2014-9597.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/72" - }, - { - "name" : "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html", - "refsource" : "MISC", - "url" : "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" - }, - { - "name" : "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt", - "refsource" : "MISC", - "url" : "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt" - }, - { - "name" : "https://trac.videolan.org/vlc/ticket/13389", - "refsource" : "MISC", - 
"url" : "https://trac.videolan.org/vlc/ticket/13389" - }, - { - "name" : "GLSA-201603-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html", + "refsource": "MISC", + "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" + }, + { + "name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/72" + }, + { + "name": "GLSA-201603-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-08" + }, + { + "name": "https://trac.videolan.org/vlc/ticket/13389", + "refsource": "MISC", + "url": "https://trac.videolan.org/vlc/ticket/13389" + }, + { + "name": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt", + "refsource": "MISC", + "url": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2025.json b/2016/2xxx/CVE-2016-2025.json index 7d70859a74b..3f113c37243 100644 --- a/2016/2xxx/CVE-2016-2025.json +++ b/2016/2xxx/CVE-2016-2025.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290" - }, - { - "name" : "1035954", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request 
Catalog, and Mobility components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290" + }, + { + "name": "1035954", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035954" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2416.json b/2016/2xxx/CVE-2016-2416.json index 9759f73df04..4f76b68dde7 100644 --- a/2016/2xxx/CVE-2016-2416.json +++ b/2016/2xxx/CVE-2016-2416.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd" - }, - { - "name" : 
"https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2935.json b/2016/2xxx/CVE-2016-2935.json index 77e743006de..0d2475bc0b1 100644 --- a/2016/2xxx/CVE-2016-2935.json +++ b/2016/2xxx/CVE-2016-2935.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991955", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991955" - }, - { - "name" : "IV89745", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89745" - }, - { - "name" : "94989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV89745", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89745" + }, + { + "name": "94989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94989" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991955", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991955" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3026.json b/2016/3xxx/CVE-2016-3026.json index 5d2cf37c88c..6b477e99367 100644 --- a/2016/3xxx/CVE-2016-3026.json +++ b/2016/3xxx/CVE-2016-3026.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3115.json b/2016/3xxx/CVE-2016-3115.json index 1d64ab238e5..b20d36ceb9e 100644 --- a/2016/3xxx/CVE-2016-3115.json 
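Review bot: The `affects` block on the new side of CVE-2016-2935.json still carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, even though this hunk moves `ASSIGNER` to `psirt@us.ibm.com` and the description names IBM BigFix Remote Control before 9.1.3. Tooling that matches an asset inventory against `affects` will not match this record, so either populate it from the description, e.g. `"product_name": "BigFix Remote Control"` and `"version_value": "before 9.1.3"`, or state in the repository documentation that consumers must parse `description`. The attribution change is easy to miss because it sits inside a whitespace-and-reorder rewrite of the whole file, so comparing the parsed JSON is a more reliable review aid here than the text diff. The same applies to the CVE-2016-2416 (`security@android.com`) and CVE-2016-3715 (`secalert@redhat.com`) hunks.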
+++ b/2016/3xxx/CVE-2016-3115.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39569", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39569/" - }, - { - "name" : "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Mar/46" - }, - { - "name" : "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Mar/47" - }, - { - "name" : "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" - }, - { - "name" : 
"http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html" - }, - { - "name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", - "refsource" : "MISC", - "url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115" - }, - { - "name" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c" - }, - { - "name" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h" - }, - { - "name" : "http://www.openssh.com/txt/x11fwd.adv", - "refsource" : "CONFIRM", - "url" : "http://www.openssh.com/txt/x11fwd.adv" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa121", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa121" - }, - { - "name" : "FEDORA-2016-08e5803496", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html" - 
}, - { - "name" : "FEDORA-2016-0bcab055a7", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html" - }, - { - "name" : "FEDORA-2016-d339d610c1", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html" - }, - { - "name" : "FEDORA-2016-188267b485", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html" - }, - { - "name" : "FEDORA-2016-fc1cc33e05", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html" - }, - { - "name" : "FEDORA-2016-bb59db3c86", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html" - }, - { - "name" : "FreeBSD-SA-16:14", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc" - }, - { - "name" : "GLSA-201612-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-18" - }, - { - "name" : "RHSA-2016:0466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0466.html" - }, - { - "name" : "RHSA-2016:0465", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0465.html" - }, - { - "name" : "84314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84314" - }, - { - "name" : "1035249", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req 
functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openssh.com/txt/x11fwd.adv", + "refsource": "CONFIRM", + "url": "http://www.openssh.com/txt/x11fwd.adv" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", + "refsource": "MISC", + "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115" + }, + { + "name": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html" + }, + { + "name": "FreeBSD-SA-16:14", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "39569", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39569/" + }, + { + "name": "RHSA-2016:0466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html" + }, + { + "name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c", + "refsource": "CONFIRM", + "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c" + }, + { + "name": "1035249", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035249" + }, + { + "name": "FEDORA-2016-fc1cc33e05", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h" + }, + { + "name": "FEDORA-2016-d339d610c1", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa121", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa121" + }, + { + "name": "GLSA-201612-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-18" + }, + { + "name": "84314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84314" + }, + { + "name": "FEDORA-2016-0bcab055a7", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html" + }, + { + "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "name": "FEDORA-2016-08e5803496", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html" + }, + { + "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Mar/47" + }, + { + "name": "RHSA-2016:0465", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html" + }, + { + "name": "FEDORA-2016-188267b485", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html" + }, + { + "name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Mar/46" + }, + { + "name": "FEDORA-2016-bb59db3c86", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3715.json b/2016/3xxx/CVE-2016-3715.json index 3a87ef0e90a..fc130c23686 100644 --- a/2016/3xxx/CVE-2016-3715.json +++ b/2016/3xxx/CVE-2016-3715.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160513 May 2016 - HipChat Server - Critical Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538378/100/0/threaded" - }, - { - "name" : "39767", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39767/" - }, - { - "name" : "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/03/18" - }, - { - "name" : "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog" - }, - { - "name" : 
"https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588", - "refsource" : "CONFIRM", - "url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588" - }, - { - "name" : "https://www.imagemagick.org/script/changelog.php", - "refsource" : "CONFIRM", - "url" : "https://www.imagemagick.org/script/changelog.php" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3580", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3580" - }, - { - "name" : "DSA-3746", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3746" - }, - { - "name" : "GLSA-201611-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-21" - }, - { - "name" : "RHSA-2016:0726", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0726.html" - }, - { - "name" : "SSA:2016-132-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568" - }, - { - "name" : "SUSE-SU-2016:1260", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1261", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html" - }, - { - "name" : "openSUSE-SU-2016:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html" - }, - { - "name" : "SUSE-SU-2016:1275", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html" - }, - { - "name" : "openSUSE-SU-2016:1326", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html" - }, - { - "name" : "USN-2990-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2990-1" - }, - { - "name" : "89852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog", + "refsource": "CONFIRM", + "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog" + }, + { + "name": "openSUSE-SU-2016:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588", + "refsource": "CONFIRM", + "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588" + }, + { + "name": "openSUSE-SU-2016:1326", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html" + }, + { + "name": "USN-2990-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-2990-1" + }, + { + "name": "openSUSE-SU-2016:1261", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html" + }, + { + "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded" + }, + { + "name": "39767", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39767/" + }, + { + "name": "SUSE-SU-2016:1260", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18" + }, + { + "name": "DSA-3746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3746" + }, + { + "name": "GLSA-201611-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-21" + }, + { + "name": "SUSE-SU-2016:1275", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html" + }, + { + "name": "SSA:2016-132-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568" + }, + { + "name": "https://www.imagemagick.org/script/changelog.php", + "refsource": "CONFIRM", + "url": "https://www.imagemagick.org/script/changelog.php" + }, + { + "name": "DSA-3580", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3580" + }, + { + "name": "RHSA-2016:0726", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html" + }, + { + "name": 
"89852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89852" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6008.json b/2016/6xxx/CVE-2016-6008.json index 1ed544ea5dd..317f5400080 100644 --- a/2016/6xxx/CVE-2016-6008.json +++ b/2016/6xxx/CVE-2016-6008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6905.json b/2016/6xxx/CVE-2016-6905.json index 8f916041704..2d748ed245b 100644 --- a/2016/6xxx/CVE-2016-6905.json +++ b/2016/6xxx/CVE-2016-6905.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160822 Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/23/1" - }, - { - "name" : "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03" - }, - { - "name" : "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186" - }, - { - "name" : "https://github.com/libgd/libgd/issues/248", - "refsource" : "CONFIRM", - 
"url" : "https://github.com/libgd/libgd/issues/248" - }, - { - "name" : "https://github.com/libgd/libgd/pull/251", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/pull/251" - }, - { - "name" : "http://libgd.github.io/release-2.2.3.html", - "refsource" : "CONFIRM", - "url" : "http://libgd.github.io/release-2.2.3.html" - }, - { - "name" : "openSUSE-SU-2016:2203", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html" - }, - { - "name" : "openSUSE-SU-2016:2363", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html" - }, - { - "name" : "91743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2363", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html" + }, + { + "name": "91743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91743" + }, + { + "name": "http://libgd.github.io/release-2.2.3.html", + "refsource": "CONFIRM", + "url": "http://libgd.github.io/release-2.2.3.html" + }, + { + "name": "openSUSE-SU-2016:2203", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html" + }, + { + "name": "https://github.com/libgd/libgd/issues/248", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/issues/248" + }, + { + "name": "https://github.com/libgd/libgd/pull/251", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/pull/251" + }, + { + "name": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186" + }, + { + "name": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03" + }, + { + "name": "[oss-security] 20160822 Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/23/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7012.json b/2016/7xxx/CVE-2016-7012.json index 2f2315d7021..cf49e6f22c8 100644 --- a/2016/7xxx/CVE-2016-7012.json +++ b/2016/7xxx/CVE-2016-7012.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, 
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7319.json b/2016/7xxx/CVE-2016-7319.json index 8f96506ac5a..6837e12c837 100644 --- a/2016/7xxx/CVE-2016-7319.json +++ b/2016/7xxx/CVE-2016-7319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7319", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7319", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7537.json b/2016/7xxx/CVE-2016-7537.json index 4af8d7fffcd..d55bc27ca7f 100644 
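Review bot: The `"ASSIGNER"` value in the CVE-2016-7012.json hunk changes from `cve@mitre.org` to `psirt@adobe.com`, and it is the only value change in a hunk otherwise made up of re-indentation, the `" : "` to `": "` separator change and a reordered `reference_data` array, so it is easy to miss under the "-Synchronized-Data." subject. The CVE-2016-7537.json hunk does the same with `security@debian.org`. Anyone consuming these records should compare the parsed JSON rather than the text diff, and should not treat `reference_data` order as meaningful, since entry `1036986` moves from last to first here with no change in content. Emitting the array in a stable order (for example sorted by `url`) and ending the file with a newline instead of `\ No newline at end of file` would leave later syncs showing only the real changes.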
--- a/2016/7xxx/CVE-2016-7537.json
+++ b/2016/7xxx/CVE-2016-7537.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378773", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378773" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/143", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/143" - }, - { - "name" : "93131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f" + }, + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378773", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378773" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/143", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/143" + }, + { + "name": "93131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93131" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7841.json b/2016/7xxx/CVE-2016-7841.json
index a92bf6f84e9..bc31ea5c3f9 100644
--- a/2016/7xxx/CVE-2016-7841.json
+++ b/2016/7xxx/CVE-2016-7841.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Olive Diary DX", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Olive Design" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Olive Diary DX", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Olive Design" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#71538099", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71538099/index.html" - }, - { - "name" : "95314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95314" + }, + { + "name": "JVN#71538099", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71538099/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7930.json b/2016/7xxx/CVE-2016-7930.json index fe047762c59..fb894951af8 100644 --- a/2016/7xxx/CVE-2016-7930.json +++ b/2016/7xxx/CVE-2016-7930.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file