diff --git a/2006/0xxx/CVE-2006-0342.json b/2006/0xxx/CVE-2006-0342.json index ae5f0b5cd0c..80a098337b8 100644 --- a/2006/0xxx/CVE-2006-0342.json +++ b/2006/0xxx/CVE-2006-0342.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as \"|\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060120 RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113777628702043&w=2" - }, - { - "name" : "16331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16331" - }, - { - "name" : "ADV-2006-0284", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0284" - }, - { - "name" : "22678", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22678" - }, - { - "name" : "18551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18551" - }, - { - "name" : "mailsite-wconsole-dos(24255)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as \"|\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0284", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0284" + }, + { + "name": "20060120 RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113777628702043&w=2" + }, + { + "name": "22678", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22678" + }, + { + "name": "18551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18551" + }, + { + "name": "mailsite-wconsole-dos(24255)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24255" + }, + { + "name": "16331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16331" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0803.json b/2006/0xxx/CVE-2006-0803.json index 4e98494e5ec..0389a322ed1 100644 --- a/2006/0xxx/CVE-2006-0803.json +++ b/2006/0xxx/CVE-2006-0803.json 
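Review bot: The `reference_data` array in this hunk is reordered in the same change that rewrites the key spacing (`"name" : ` becomes `"name": `), so the diff cannot show at a glance that only formatting changed; BID 16331, for example, moves from second to last. The six entries appear to be the same set on both sides, but that has to be checked by hand. The same reordering shows up in the hunks for CVE-2006-0803, CVE-2006-0892, CVE-2006-1140, CVE-2006-5260, CVE-2006-5513, CVE-2006-5565, CVE-2006-5761, CVE-2006-5886 and CVE-2006-5926. The serializer should keep the input order of `reference_data` (or sort it by a fixed key such as `refsource` then `name`) so that a formatting pass yields a formatting-only diff and a dropped or altered reference in a vulnerability record stands out. The new side also ends with `\ No newline at end of file`; writing a terminating newline would avoid a spurious one-line change on the next edit of each record.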
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2006:009", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_09_gpg.html" - }, - { - "name" : "SUSE-SA:2006:013", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_13_gpg.html" - }, - { - "name" : "16889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The signature verification functionality in the YaST Online Update (YOU) script handling relies on a 
gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2006:013", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html" + }, + { + "name": "SUSE-SA:2006:009", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html" + }, + { + "name": "16889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16889" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0892.json b/2006/0xxx/CVE-2006-0892.json index 6c6111d68ea..3252dcbd489 100644 --- a/2006/0xxx/CVE-2006-0892.json +++ b/2006/0xxx/CVE-2006-0892.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060223 NOCC Webmail <= 1.0 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html" - }, - { - "name" : "http://retrogod.altervista.org/noccw_10_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/noccw_10_incl_xpl.html" - }, - { - "name" : "16793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16793" - }, - { - "name" : "23420", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23420" - }, - { - "name" : "1015671", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015671" - }, - { - "name" : "16921", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/16921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015671", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015671" + }, + { + "name": "20060223 NOCC Webmail <= 1.0 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html" + }, + { + "name": "23420", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23420" + }, + { + "name": "16921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16921" + }, + { + "name": "http://retrogod.altervista.org/noccw_10_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/noccw_10_incl_xpl.html" + }, + { + "name": "16793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16793" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1140.json b/2006/1xxx/CVE-2006-1140.json index 88c4537df28..e2c644c3948 100644 --- a/2006/1xxx/CVE-2006-1140.json +++ b/2006/1xxx/CVE-2006-1140.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x128.net/redblog-05-remote-sql-injection.txt", - "refsource" : "MISC", - "url" : "http://www.x128.net/redblog-05-remote-sql-injection.txt" - }, - { - "name" : "17041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17041" - }, - { - "name" : "ADV-2006-0894", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0894" - }, - { - "name" : "19181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19181" - }, - { - "name" : "redblog-catid-sql-injection(25122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19181" + }, + { + "name": "redblog-catid-sql-injection(25122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25122" + }, + { + "name": "17041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17041" + }, + { + "name": "ADV-2006-0894", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0894" + }, + { + "name": "http://www.x128.net/redblog-05-remote-sql-injection.txt", + "refsource": "MISC", + "url": "http://www.x128.net/redblog-05-remote-sql-injection.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4804.json b/2006/4xxx/CVE-2006-4804.json index b3c6b279e6a..0f54a0c0fa4 100644 --- a/2006/4xxx/CVE-2006-4804.json +++ b/2006/4xxx/CVE-2006-4804.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4804", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4804", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5260.json b/2006/5xxx/CVE-2006-5260.json index 7cacdf06744..3b8b006ecbb 100644 --- a/2006/5xxx/CVE-2006-5260.json +++ b/2006/5xxx/CVE-2006-5260.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3997", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3997" - }, - { - "name" : "29618", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29618" - }, - { - "name" : "22373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22373" - }, - { - "name" : "compteur-param-file-include(29425)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability 
in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "compteur-param-file-include(29425)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29425" + }, + { + "name": "29618", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29618" + }, + { + "name": "22373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22373" + }, + { + "name": "ADV-2006-3997", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3997" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5513.json b/2006/5xxx/CVE-2006-5513.json index 7602b7bf1c3..4835ad345b0 100644 --- a/2006/5xxx/CVE-2006-5513.json +++ b/2006/5xxx/CVE-2006-5513.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=457195", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=457195" - }, - { - "name" : "20671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20671" - }, - { - "name" : "ADV-2006-4151", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4151" - }, - { - "name" : "22502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22502" - }, - { - "name" : "geonetwork-unspecified-sql-injection(29771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22502" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=457195", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=457195" + }, + { + "name": "ADV-2006-4151", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4151" + }, + { + "name": "geonetwork-unspecified-sql-injection(29771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29771" + }, + { + "name": "20671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20671" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5565.json b/2006/5xxx/CVE-2006-5565.json index d18f0012d96..26bd6d6a912 100644 --- a/2006/5xxx/CVE-2006-5565.json +++ b/2006/5xxx/CVE-2006-5565.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20754" - }, - { - "name" : "ADV-2006-4195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4195" - }, - { - "name" : "22564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to 
inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4195" + }, + { + "name": "22564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22564" + }, + { + "name": "20754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20754" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5761.json b/2006/5xxx/CVE-2006-5761.json index 52615407dc7..969a64023f7 100644 --- a/2006/5xxx/CVE-2006-5761.json +++ b/2006/5xxx/CVE-2006-5761.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061104 IF-CMS multiples XSS vunerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450566/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=5", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=5" - }, - { - "name" : "20909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20909" - }, - { - "name" : "ADV-2006-4367", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4367" - }, - { - "name" : "1017161", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017161" - }, - { - "name" : "22715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22715" - }, - { - 
"name" : "1825", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1825" - }, - { - "name" : "ifcms-index-xss(30010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ifcms-index-xss(30010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30010" + }, + { + "name": "ADV-2006-4367", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4367" + }, + { + "name": "1825", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1825" + }, + { + "name": "20909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20909" + }, + { + "name": "20061104 IF-CMS multiples XSS vunerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450566/100/0/threaded" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=5", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=5" + }, + { + "name": "1017161", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017161" + }, + { + "name": "22715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22715" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5886.json b/2006/5xxx/CVE-2006-5886.json index 47a0f855bff..4a3725ba48d 100644 --- a/2006/5xxx/CVE-2006-5886.json +++ b/2006/5xxx/CVE-2006-5886.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061111 NuRems 1.0 Remote XSS/SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451331/100/0/threaded" - }, - { - "name" : "2755", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2755" - }, - { - "name" : "21017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21017" - }, - { - "name" : "ADV-2006-4469", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4469" - }, - { - "name" : "22828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22828" - }, - { - "name" : "1850", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1850" - }, - { - "name" : 
"nurems-propertysdetails-sql-injection(30194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nurems-propertysdetails-sql-injection(30194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30194" + }, + { + "name": "21017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21017" + }, + { + "name": "2755", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2755" + }, + { + "name": "1850", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1850" + }, + { + "name": "20061111 NuRems 1.0 Remote XSS/SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451331/100/0/threaded" + }, + { + "name": "22828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22828" + }, + { + "name": "ADV-2006-4469", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4469" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5926.json b/2006/5xxx/CVE-2006-5926.json index 4ca62934570..bc819ff11c9 100644 --- a/2006/5xxx/CVE-2006-5926.json +++ b/2006/5xxx/CVE-2006-5926.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=463228", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=463228" - }, - { - "name" : "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782", - "refsource" : "CONFIRM", - "url" : "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782" - }, - { - "name" : "21051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21051" - }, - { - "name" : "ADV-2006-4493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4493" - }, - { - "name" : "22812", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22812" - }, - { - "name" : "vallheru-mail-sql-injection(30255)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22812" + }, + { + "name": "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782", + "refsource": "CONFIRM", + "url": "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=463228", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=463228" + }, + { + "name": "vallheru-mail-sql-injection(30255)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30255" + }, + { + "name": "ADV-2006-4493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4493" + }, + { + "name": "21051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21051" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2078.json b/2007/2xxx/CVE-2007-2078.json index 2e25a283682..b6968cdbc8b 100644 --- a/2007/2xxx/CVE-2007-2078.json +++ b/2007/2xxx/CVE-2007-2078.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 Maian Weblog v3.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465735/100/0/threaded" - }, - { - "name" : "20070415 Re: phpMyChat-0.14.5", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html" - }, - { - "name" : "20070415 false: Maian Weblog v3.1", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2007-April/001527.html" - }, - { - "name" : "35360", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35360" - }, - { - "name" : "2582", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/2582" - }, - { - "name" : "maianweblog-pathtofolder-file-include(33708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35360", + "refsource": "OSVDB", + "url": "http://osvdb.org/35360" + }, + { + "name": "2582", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2582" + }, + { + "name": "20070414 Maian Weblog v3.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465735/100/0/threaded" + }, + { + "name": "20070415 Re: phpMyChat-0.14.5", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html" + }, + { + "name": "maianweblog-pathtofolder-file-include(33708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33708" + }, + { + "name": "20070415 false: Maian Weblog v3.1", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2007-April/001527.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0205.json b/2010/0xxx/CVE-2010-0205.json index 3be00ced8ca..0a679dc7aef 100644 --- a/2010/0xxx/CVE-2010-0205.json +++ b/2010/0xxx/CVE-2010-0205.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-0205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" - }, - { - "name" : "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", - "refsource" : "CONFIRM", - "url" : "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" - }, - { - "name" : "http://libpng.sourceforge.net/decompression_bombs.html", - "refsource" : "CONFIRM", - "url" : "http://libpng.sourceforge.net/decompression_bombs.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "DSA-2032", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2032" - }, - { - "name" : "FEDORA-2010-2988", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" - }, - { - "name" : "FEDORA-2010-3375", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" - }, 
- { - "name" : "FEDORA-2010-3414", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" - }, - { - "name" : "FEDORA-2010-4683", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" - }, - { - "name" : "MDVSA-2010:063", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" - }, - { - "name" : "MDVSA-2010:064", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-913-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-913-1" - }, - { - "name" : "VU#576029", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/576029" - }, - { - "name" : "38478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38478" - }, - { - "name" : "62670", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62670" - }, - { - "name" : "1023674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023674" - }, - { - "name" : "38774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38774" - }, - { - "name" : "39251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39251" - }, - { - "name" : "41574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41574" - }, - { - "name" : "ADV-2010-0605", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/0605" - }, - { - "name" : "ADV-2010-0637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0637" - }, - { - "name" : "ADV-2010-0626", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0626" - }, - { - "name" : "ADV-2010-0517", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0517" - }, - { - "name" : "ADV-2010-0847", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0847" - }, - { - "name" : "ADV-2010-0667", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0667" - }, - { - "name" : "ADV-2010-0682", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0682" - }, - { - "name" : "ADV-2010-0686", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0686" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - }, - { - "name" : "ADV-2010-2491", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2491" - }, - { - "name" : "libpng-pngdecompresschunk-dos(56661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related 
to a \"decompression bomb\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" + }, + { + "name": "ADV-2010-0517", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0517" + }, + { + "name": "ADV-2010-0682", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0682" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "62670", + "refsource": "OSVDB", + "url": "http://osvdb.org/62670" + }, + { + "name": "MDVSA-2010:063", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" + }, + { + "name": "ADV-2010-0605", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0605" + }, + { + "name": "FEDORA-2010-3414", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" + }, + { + "name": "ADV-2010-0626", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0626" + }, + { + "name": "ADV-2010-0686", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0686" + }, + { + "name": "39251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39251" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "MDVSA-2010:064", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" + }, + { + "name": "libpng-pngdecompresschunk-dos(56661)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "USN-913-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-913-1" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "DSA-2032", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2032" + }, + { + "name": "41574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41574" + }, + { + "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" + }, + { + "name": "FEDORA-2010-3375", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" + }, + { + "name": "38774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38774" + }, + { + "name": "SUSE-SR:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" + }, + { + "name": "ADV-2010-0637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0637" + }, + { + "name": "VU#576029", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/576029" + }, + { + "name": "FEDORA-2010-4683", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" + }, + { + "name": "38478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38478" + }, + { + "name": "ADV-2010-2491", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2491" + }, + { + "name": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", + "refsource": "CONFIRM", + "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" + }, + { + "name": "1023674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023674" + }, + { + "name": "ADV-2010-0847", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0847" + }, + { + "name": "ADV-2010-0667", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0667" + }, + { + "name": "FEDORA-2010-2988", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" + }, + { + "name": "http://libpng.sourceforge.net/decompression_bombs.html", + "refsource": "CONFIRM", + "url": "http://libpng.sourceforge.net/decompression_bombs.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0783.json b/2010/0xxx/CVE-2010-0783.json index 10eba4335bd..0d433a14ec0 100644 --- a/2010/0xxx/CVE-2010-0783.json +++ b/2010/0xxx/CVE-2010-0783.json 
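Review bot: The `ASSIGNER` value for CVE-2010-0205 changes from `cve@mitre.org` to `cert@cert.org` in this hunk, while every other visible change in it is key/colon spacing, indentation and a reordering of the `reference_data` entries. The same kind of change appears in the CVE-2010-3074 hunk and at the top of the CVE-2010-3303 hunk (both to `secalert@redhat.com`; the latter continues past the visible part of the page), whereas the other records on this page keep `cve@mitre.org`. Since `ASSIGNER` looks like the record's provenance field, a consumer that attributes or filters entries by assigner will see these records change owner, and the edit is easy to miss inside a whole-file rewrite. I would move the reassignments into their own commit, or at least name them in the commit message, so that `"ASSIGNER": "cert@cert.org"` can be reviewed as a one-line data change.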
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM14251", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251" - }, - { - "name" : "69007", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69007" - }, - { - "name" : "1024686", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024686" - }, - { - "name" 
: "41722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41722" - }, - { - "name" : "42136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42136" - }, - { - "name" : "was-admin-cons-xss(62947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "was-admin-cons-xss(62947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62947" + }, + { + "name": "42136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42136" + }, + { + "name": "PM14251", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251" + }, + { + "name": "41722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41722" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + }, + { + "name": "69007", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69007" + }, + { + "name": "1024686", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024686" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2700.json b/2010/2xxx/CVE-2010-2700.json index db37d7b68b9..f717df75bfd 100644 --- a/2010/2xxx/CVE-2010-2700.json +++ b/2010/2xxx/CVE-2010-2700.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14322", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14322" - }, - { - "name" : "41538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14322", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14322" + }, + { + "name": "41538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41538" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3074.json b/2010/3xxx/CVE-2010-3074.json index bfcdbf5a693..4581bfc490e 100644 --- a/2010/3xxx/CVE-2010-3074.json +++ b/2010/3xxx/CVE-2010-3074.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100826 Multiple Vulnerabilities in EncFS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html" - }, - { - "name" : "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/05/3" - }, - { - "name" : "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/06/1" - }, - { - "name" : "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- 
Multiple Vulnerabilities in EncFS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/07/8" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=335938", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=335938" - }, - { - "name" : "http://code.google.com/p/encfs/source/detail?r=59", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/encfs/source/detail?r=59" - }, - { - "name" : "http://www.arg0.net/encfs", - "refsource" : "CONFIRM", - "url" : "http://www.arg0.net/encfs" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460" - }, - { - "name" : "FEDORA-2010-14200", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html" - }, - { - "name" : "FEDORA-2010-14254", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html" - }, - { - "name" : "FEDORA-2010-14268", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html" - }, - { - "name" : "SUSE-SR:2010:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" - }, - { - "name" : "41158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41158" - }, - { - "name" : "41478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41478" - }, - { - "name" : "ADV-2010-2414", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted 
filesystems, which allows local users to obtain sensitive information via a watermark attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41158" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=630460", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630460" + }, + { + "name": "41478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41478" + }, + { + "name": "http://code.google.com/p/encfs/source/detail?r=59", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/encfs/source/detail?r=59" + }, + { + "name": "FEDORA-2010-14268", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html" + }, + { + "name": "FEDORA-2010-14200", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=335938", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=335938" + }, + { + "name": "SUSE-SR:2010:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" + }, + { + "name": "20100826 Multiple Vulnerabilities in EncFS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html" + }, + { + "name": "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/05/3" + }, + { + "name": "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2010/09/07/8" + }, + { + "name": "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/06/1" + }, + { + "name": "ADV-2010-2414", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2414" + }, + { + "name": "http://www.arg0.net/encfs", + "refsource": "CONFIRM", + "url": "http://www.arg0.net/encfs" + }, + { + "name": "FEDORA-2010-14254", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3303.json b/2010/3xxx/CVE-2010-3303.json index 4448e1cf123..a001d915830 100644 --- a/2010/3xxx/CVE-2010-3303.json +++ b/2010/3xxx/CVE-2010-3303.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/14/12" - }, - { - "name" : "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/14/19" - }, - { - "name" : "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2010/09/14/13" - }, - { - "name" : "[oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/16/16" - }, - { - "name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=12231", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=12231" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=12232", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=12232" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=12234", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=12234" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=12238", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=12238" - }, - { - "name" : "FEDORA-2010-15061", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html" - }, - { - "name" : "FEDORA-2010-15080", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html" - }, - { - "name" : "FEDORA-2010-15082", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html" - }, - { - "name" : "GLSA-201211-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml" - }, - { - "name" : "43604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43604" - }, - { - "name" : "41653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41653" - }, - { - "name" : "51199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51199" - }, - { - 
"name" : "ADV-2010-2535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-15080", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html" + }, + { + "name": "FEDORA-2010-15082", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html" + }, + { + "name": "GLSA-201211-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml" + }, + { + "name": "41653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41653" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=12234", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=12234" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=12231", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=12231" + }, + { + "name": "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/14/19" + }, + { + "name": "ADV-2010-2535", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2010/2535" + }, + { + "name": "[oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/14/12" + }, + { + "name": "FEDORA-2010-15061", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html" + }, + { + "name": "51199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51199" + }, + { + "name": "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/14/13" + }, + { + "name": "[oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/16/16" + }, + { + "name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111" + }, + { + "name": "43604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43604" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=12232", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=12232" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=12238", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=12238" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3794.json b/2010/3xxx/CVE-2010-3794.json index 5ffc08cf5ad..22892162e58 100644 --- a/2010/3xxx/CVE-2010-3794.json +++ b/2010/3xxx/CVE-2010-3794.json 
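Review bot: The one substantive change in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org` under `CVE_data_meta`, is buried in a whole-file rewrite that also changes the `"key" : value` spacing and reorders all 17 `reference_data` entries. As far as the visible lines show, the reference names and URLs are the same set on both sides and only their order differs, and the new side now ends with `\ No newline at end of file`. I would land the serializer normalisation (spacing, one stable ordering for `reference_data`, trailing newline) in its own commit, so that a change to who is recorded as the assigner of a CVE record shows up as a one-line diff that can be audited. The same applies to the hunks for CVE-2010-3794, CVE-2010-4026, CVE-2010-4344 and CVE-2014-0501, which each change `ASSIGNER` inside an otherwise cosmetic rewrite.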
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://support.apple.com/kb/HT4447", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4447" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-12-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" - }, - { - "name" : "1024729", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1024729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "1024729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024729" + }, + { + "name": "APPLE-SA-2010-12-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4447", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4447" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3969.json b/2010/3xxx/CVE-2010-3969.json index ad2b29db850..d56f1e13825 100644 --- a/2010/3xxx/CVE-2010-3969.json +++ b/2010/3xxx/CVE-2010-3969.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3969", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3969", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4026.json b/2010/4xxx/CVE-2010-4026.json index 33a328b9e7c..79ae22b8d6e 100644 --- a/2010/4xxx/CVE-2010-4026.json +++ b/2010/4xxx/CVE-2010-4026.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMI02580", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128820663424237&w=2" - }, - { - "name" : "SSRT100254", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128820663424237&w=2" - }, - { - "name" : "1024647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024647" - }, - { - "name" : "42023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform 
certain service calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024647" + }, + { + "name": "HPSBMI02580", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128820663424237&w=2" + }, + { + "name": "42023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42023" + }, + { + "name": "SSRT100254", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128820663424237&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4344.json b/2010/4xxx/CVE-2010-4344.json index e6a1ceb0a68..a64f18ae203 100644 --- a/2010/4xxx/CVE-2010-4344.json +++ b/2010/4xxx/CVE-2010-4344.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101213 Exim security issue in historical release", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515172/100/0/threaded" - }, - { - "name" : "[exim-dev] 20101207 Remote root vulnerability in Exim", - "refsource" : "MLIST", - "url" : "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" - }, - { - "name" : "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", - "refsource" : "MLIST", - "url" : "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" - }, - { - "name" : "[oss-security] 20101210 Exim remote root", - "refsource" : "MLIST", - "url" : 
"http://openwall.com/lists/oss-security/2010/12/10/1" - }, - { - "name" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" - }, - { - "name" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" - }, - { - "name" : "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70" - }, - { - "name" : "http://bugs.exim.org/show_bug.cgi?id=787", - "refsource" : "CONFIRM", - "url" : "http://bugs.exim.org/show_bug.cgi?id=787" - }, - { - "name" : "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b", - "refsource" : "CONFIRM", - "url" : "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=661756", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=661756" - }, - { - "name" : "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html", - "refsource" : "CONFIRM", - "url" : "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html" - }, - { - "name" : "http://atmail.com/blog/2010/atmail-6204-now-available/", - "refsource" : "CONFIRM", - "url" : "http://atmail.com/blog/2010/atmail-6204-now-available/" - }, - { - "name" : "DSA-2131", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2131" - }, - { - "name" : "RHSA-2010:0970", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0970.html" - }, - { - "name" : "SUSE-SA:2010:059", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" - }, - { - 
"name" : "USN-1032-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1032-1" - }, - { - "name" : "VU#682457", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/682457" - }, - { - "name" : "45308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45308" - }, - { - "name" : "69685", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69685" - }, - { - "name" : "1024858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024858" - }, - { - "name" : "40019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40019" - }, - { - "name" : "42576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42576" - }, - { - "name" : "42586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42586" - }, - { - "name" : "42587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42587" - }, - { - "name" : "42589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42589" - }, - { - "name" : "ADV-2010-3171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3171" - }, - { - "name" : "ADV-2010-3172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3172" - }, - { - "name" : "ADV-2010-3181", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3181" - }, - { - "name" : "ADV-2010-3186", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3186" - }, - { - "name" : "ADV-2010-3204", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3204" - }, - { - "name" : "ADV-2010-3246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3246" - }, - { - "name" : "ADV-2010-3317", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:059", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" + }, + { + "name": "[exim-dev] 20101207 Remote root vulnerability in Exim", + "refsource": "MLIST", + "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" + }, + { + "name": "http://bugs.exim.org/show_bug.cgi?id=787", + "refsource": "CONFIRM", + "url": "http://bugs.exim.org/show_bug.cgi?id=787" + }, + { + "name": "1024858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024858" + }, + { + "name": "RHSA-2010:0970", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html" + }, + { + "name": "ADV-2010-3186", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3186" + }, + { + "name": "45308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45308" + }, + { + "name": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", + "refsource": "MISC", + "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" + }, + { + "name": "http://atmail.com/blog/2010/atmail-6204-now-available/", + "refsource": "CONFIRM", + "url": "http://atmail.com/blog/2010/atmail-6204-now-available/" + }, + { + "name": "42576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42576" + }, + { + "name": "42587", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/42587" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=661756", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756" + }, + { + "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", + "refsource": "MLIST", + "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" + }, + { + "name": "40019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40019" + }, + { + "name": "ADV-2010-3172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3172" + }, + { + "name": "VU#682457", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/682457" + }, + { + "name": "ADV-2010-3181", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3181" + }, + { + "name": "42586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42586" + }, + { + "name": "ADV-2010-3317", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3317" + }, + { + "name": "USN-1032-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1032-1" + }, + { + "name": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html", + "refsource": "CONFIRM", + "url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html" + }, + { + "name": "69685", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69685" + }, + { + "name": "20101213 Exim security issue in historical release", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded" + }, + { + "name": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" + }, + { + "name": "ADV-2010-3246", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2010/3246" + }, + { + "name": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70", + "refsource": "CONFIRM", + "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70" + }, + { + "name": "ADV-2010-3204", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3204" + }, + { + "name": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b", + "refsource": "CONFIRM", + "url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b" + }, + { + "name": "DSA-2131", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2131" + }, + { + "name": "ADV-2010-3171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3171" + }, + { + "name": "42589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42589" + }, + { + "name": "[oss-security] 20101210 Exim remote root", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/10/1" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4731.json b/2010/4xxx/CVE-2010-4731.json index 01945e94fde..9a17fccea33 100644 --- a/2010/4xxx/CVE-2010-4731.json +++ b/2010/4xxx/CVE-2010-4731.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf" - }, - { - "name" : "VU#114560", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/114560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#114560", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/114560" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf" + }, + { + "name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0501.json b/2014/0xxx/CVE-2014-0501.json index be4eeb130f7..ea5025de8c4 100644 --- a/2014/0xxx/CVE-2014-0501.json +++ b/2014/0xxx/CVE-2014-0501.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html" - }, - { - "name" : "65493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65493" - }, - { - "name" : "103158", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103158" - }, - { - "name" : "1029740", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029740" - }, - { - "name" : "56740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56740" - }, - { - "name" : "adobe-cve20140501-code-exec(91008)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/91008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-cve20140501-code-exec(91008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91008" + }, + { + "name": "56740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56740" + }, + { + "name": "1029740", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029740" + }, + { + "name": "65493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65493" + }, + { + "name": "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html" + }, + { + "name": "103158", + "refsource": "OSVDB", + "url": "http://osvdb.org/103158" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3709.json b/2014/3xxx/CVE-2014-3709.json index 9b6ef826f40..ed96edc7bd8 100644 --- a/2014/3xxx/CVE-2014-3709.json +++ b/2014/3xxx/CVE-2014-3709.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154971", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154971" - }, - { - "name" : "https://issues.jboss.org/browse/KEYCLOAK-765", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/KEYCLOAK-765" - }, - { - "name" : "101508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers 
to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.jboss.org/browse/KEYCLOAK-765", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/KEYCLOAK-765" + }, + { + "name": "101508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101508" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154971", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154971" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4361.json b/2014/4xxx/CVE-2014-4361.json index b1fccb49665..0f487d4763d 100644 --- a/2014/4xxx/CVE-2014-4361.json +++ b/2014/4xxx/CVE-2014-4361.json 
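Review bot: The new side of CVE-2014-3709.json ends at `+}` followed by `\ No newline at end of file`, while the removed `-}` carries no such marker, so this rewrite appears to drop the file's final newline; the serializer should write a trailing newline after the closing `}`. The same marker follows every other file section in this diff (CVE-2014-0501, CVE-2014-4361, CVE-2014-4728 and the ones after them). The three `reference_data` entries are also reordered with no change to their content, which buries the one substantive edit, `"ASSIGNER": "secalert@redhat.com"`, under formatting noise. Emitting references in a stable order would keep provenance changes like this one easy to audit in later diffs.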
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69949" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144361-sec-bypass(96094)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/96094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69949" + }, + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "appleios-cve20144361-sec-bypass(96094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96094" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4728.json b/2014/4xxx/CVE-2014-4728.json index 7401589e918..4ea2691c2a2 100644 --- a/2014/4xxx/CVE-2014-4728.json +++ b/2014/4xxx/CVE-2014-4728.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140921 TP-LINK WDR4300 - Stored XSS & DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533499/100/0/threaded" - }, - { - "name" : "20140922 Re: TP-LINK WDR4300 - Stored XSS & DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533501/100/0/threaded" - }, - { - "name" : "20140923 TP-LINK WDR4300 - Stored XSS & DoS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/80" - }, - { - "name" : "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html" - }, - { - "name" 
: "70037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70037" - }, - { - "name" : "tplink-wdr4300-cve20144728-dos(96140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tplink-wdr4300-cve20144728-dos(96140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96140" + }, + { + "name": "20140922 Re: TP-LINK WDR4300 - Stored XSS & DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533501/100/0/threaded" + }, + { + "name": "20140923 TP-LINK WDR4300 - Stored XSS & DoS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/80" + }, + { + "name": "70037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70037" + }, + { + "name": "20140921 TP-LINK WDR4300 - Stored XSS & DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533499/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4871.json b/2014/4xxx/CVE-2014-4871.json index 57602b869d2..2911800ca15 100644 --- a/2014/4xxx/CVE-2014-4871.json +++ b/2014/4xxx/CVE-2014-4871.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#941108", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/941108" - }, - { - "name" : "70253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70253" + }, + { + "name": "VU#941108", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/941108" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4901.json b/2014/4xxx/CVE-2014-4901.json index 4b86c679090..94283367669 100644 --- a/2014/4xxx/CVE-2014-4901.json +++ b/2014/4xxx/CVE-2014-4901.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#560497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/560497" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bond Trading (aka com.appmakr.app613309) 
application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#560497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/560497" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4936.json b/2014/4xxx/CVE-2014-4936.json index f2e35647aa0..e7e6e6f2acf 100644 --- a/2014/4xxx/CVE-2014-4936.json +++ b/2014/4xxx/CVE-2014-4936.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and", - "refsource" : "MISC", - "url" : "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and" - }, - { - "name" : "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and", + "refsource": "MISC", + "url": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and" + }, + { + "name": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8017.json b/2014/8xxx/CVE-2014-8017.json index 0bf355694fe..ce16f69f25a 100644 --- a/2014/8xxx/CVE-2014-8017.json +++ b/2014/8xxx/CVE-2014-8017.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017" - }, - { - "name" : "71767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71767" - }, - { - "name" : "1031425", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to 
discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71767" + }, + { + "name": "20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017" + }, + { + "name": "1031425", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031425" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8338.json b/2014/8xxx/CVE-2014-8338.json index e01422e6fc8..13810a77d6e 100644 --- a/2014/8xxx/CVE-2014-8338.json +++ b/2014/8xxx/CVE-2014-8338.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8499.json b/2014/8xxx/CVE-2014-8499.json index e31d989d9fb..86f633db09f 100644 --- a/2014/8xxx/CVE-2014-8499.json +++ b/2014/8xxx/CVE-2014-8499.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35210", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35210" - }, - { - "name" : "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/18" - }, - { - "name" : "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html" - }, - { - "name" : 
"https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt" - }, - { - "name" : "71018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71018" - }, - { - "name" : "114484", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/114484" - }, - { - "name" : "114485", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/114485" - }, - { - "name" : "passwordmanager-cve20148499-sql-injection(98597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98597" - }, - { - "name" : "pmp-cve20148499-sql-injection(98595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pmp-cve20148499-sql-injection(98595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98595" + }, + { + "name": "114485", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/114485" + }, + { + "name": "114484", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/114484" + }, + { + "name": "71018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71018" + }, + { + "name": "passwordmanager-cve20148499-sql-injection(98597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98597" + }, + { + "name": "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html" + }, + { + "name": "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/18" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt" + }, + { + "name": "35210", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35210" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8550.json b/2014/8xxx/CVE-2014-8550.json index 1d003756cf4..e8a5e8ee36a 100644 --- a/2014/8xxx/CVE-2014-8550.json +++ b/2014/8xxx/CVE-2014-8550.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8628.json b/2014/8xxx/CVE-2014-8628.json index 3ba9dd34285..604557c8da7 100644 --- a/2014/8xxx/CVE-2014-8628.json +++ b/2014/8xxx/CVE-2014-8628.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2014-8628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released", - "refsource" : "CONFIRM", - "url" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released" - }, - { - "name" : "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released", - "refsource" : "CONFIRM", - "url" : "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released" - }, - { - "name" : "DSA-3116", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3116" - }, - { - "name" : "openSUSE-SU-2014:1457", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1457", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html" + }, + { + "name": "DSA-3116", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3116" + }, + { + "name": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released", + "refsource": "CONFIRM", + "url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released" + }, + { + "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released", + "refsource": "CONFIRM", + "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8886.json b/2014/8xxx/CVE-2014-8886.json index cb47c48bf89..14418e912a2 100644 --- a/2014/8xxx/CVE-2014-8886.json +++ b/2014/8xxx/CVE-2014-8886.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537246/100/0/threaded" - }, - { - "name" : "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jan/12" - }, - { - "name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014", - "refsource" : "MISC", - "url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014" - }, - { - "name" : 
"http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html" - }, - { - "name" : "https://avm.de/service/sicherheitsinfos-zu-updates/", - "refsource" : "CONFIRM", - "url" : "https://avm.de/service/sicherheitsinfos-zu-updates/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jan/12" + }, + { + "name": "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537246/100/0/threaded" + }, + { + "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014", + "refsource": "MISC", + "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014" + }, + { + "name": "http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html" + }, + { + "name": "https://avm.de/service/sicherheitsinfos-zu-updates/", + "refsource": 
"CONFIRM", + "url": "https://avm.de/service/sicherheitsinfos-zu-updates/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9085.json b/2014/9xxx/CVE-2014-9085.json index e44e3b1dc0e..a306d18b10a 100644 --- a/2014/9xxx/CVE-2014-9085.json +++ b/2014/9xxx/CVE-2014-9085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9133.json b/2014/9xxx/CVE-2014-9133.json index 6560c1aa275..e17e0d00374 100644 --- a/2014/9xxx/CVE-2014-9133.json +++ b/2014/9xxx/CVE-2014-9133.json 
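Review bot: The `reference_data` array in the CVE-2014-8886 hunk is reordered without any entry changing (the FULLDISC and BUGTRAQ items trade places), and together with the `" : "` to `": "` respacing every line of the file shows as modified. From the hunk alone a reader cannot tell a pure reshuffle from a dropped or edited URL; that needs a comparison of the parsed documents. The rewrite should keep the existing array order, or sort on a fixed key, so that later diffs show only real edits; the CVE-2014-8628, CVE-2014-9464, CVE-2014-9834, CVE-2016-2530, CVE-2016-3191, CVE-2016-3400 and CVE-2016-3860 hunks reshuffle the same way. The new side also ends with `\ No newline at end of file`, here and in the other hunks on this page, so the serializer should write a final newline after the closing `}`.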
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9464.json b/2014/9xxx/CVE-2014-9464.json index a45e972e4a3..def4cf676a4 100644 --- a/2014/9xxx/CVE-2014-9464.json +++ b/2014/9xxx/CVE-2014-9464.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.youtube.com/watch?v=SSE8Xj_-QaQ", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=SSE8Xj_-QaQ" - }, - { - "name" : "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29", - "refsource" : "CONFIRM", - "url" : "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category 
parameter when displaying a category, related to the $parent_id variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29", + "refsource": "CONFIRM", + "url": "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29" + }, + { + "name": "https://www.youtube.com/watch?v=SSE8Xj_-QaQ", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=SSE8Xj_-QaQ" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9834.json b/2014/9xxx/CVE-2014-9834.json index 93516e56df1..9642b158d89 100644 --- a/2014/9xxx/CVE-2014-9834.json +++ b/2014/9xxx/CVE-2014-9834.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9981.json b/2014/9xxx/CVE-2014-9981.json index d8ecba2f46a..0c4123f84bb 100644 --- a/2014/9xxx/CVE-2014-9981.json +++ b/2014/9xxx/CVE-2014-9981.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-9981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-9981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2530.json b/2016/2xxx/CVE-2016-2530.json index 5192a8fe311..7e5ca6cc4bc 100644 --- a/2016/2xxx/CVE-2016-2530.json +++ b/2016/2xxx/CVE-2016-2530.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-10.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0", - "refsource" : "CONFIRM", - "url" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "DSA-3516", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3516" - }, - { - "name" : "GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "openSUSE-SU-2016:0660", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:0661", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" - }, - { - "name" : "1035118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0661", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" + }, + { + "name": "openSUSE-SU-2016:0660", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" + }, + { + "name": "DSA-3516", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3516" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-10.html" + }, + { + "name": "1035118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035118" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2608.json b/2016/2xxx/CVE-2016-2608.json index b6e57a1bb9a..f5350488ee8 100644 --- a/2016/2xxx/CVE-2016-2608.json +++ b/2016/2xxx/CVE-2016-2608.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2608", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2608", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3191.json b/2016/3xxx/CVE-2016-3191.json index 5419f14b6a2..7b143422dcc 100644 --- a/2016/3xxx/CVE-2016-3191.json +++ b/2016/3xxx/CVE-2016-3191.json 
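Review bot: The CVE-2016-2608 record is written with a different key order from every other file in the visible diff: its top-level keys come out as `data_type`, `data_format`, `data_version`, `CVE_data_meta`, and inside `CVE_data_meta` `ID` precedes `ASSIGNER`, whereas the sibling hunks keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but the difference suggests this file may have gone through another serializer path, and the mixed ordering makes cross-record diffs noisier. Emitting the keys in the same order as the other records (`"CVE_data_meta"` first, then `"data_format"`, `"data_type"`, `"data_version"`, `"description"`) would keep the set uniform.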
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-3191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vcs.pcre.org/pcre2?view=revision&revision=489", - "refsource" : "CONFIRM", - "url" : "http://vcs.pcre.org/pcre2?view=revision&revision=489" - }, - { - "name" : "http://vcs.pcre.org/pcre?view=revision&revision=1631", - "refsource" : "CONFIRM", - "url" : "http://vcs.pcre.org/pcre?view=revision&revision=1631" - }, - { - "name" : "https://bugs.debian.org/815920", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/815920" - }, - { - "name" : 
"https://bugs.debian.org/815921", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/815921" - }, - { - "name" : "https://bugs.exim.org/show_bug.cgi?id=1791", - "refsource" : "CONFIRM", - "url" : "https://bugs.exim.org/show_bug.cgi?id=1791" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311503" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa128", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa128" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "RHSA-2016:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1025.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "84810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted 
regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84810" + }, + { + "name": "http://vcs.pcre.org/pcre2?view=revision&revision=489", + "refsource": "CONFIRM", + "url": "http://vcs.pcre.org/pcre2?view=revision&revision=489" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" + }, + { + "name": "RHSA-2016:1025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html" + }, + { + "name": "https://bugs.debian.org/815921", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/815921" + }, + { + "name": "https://bugs.debian.org/815920", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/815920" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503" + }, + { + "name": "https://bugs.exim.org/show_bug.cgi?id=1791", + "refsource": "CONFIRM", + "url": "https://bugs.exim.org/show_bug.cgi?id=1791" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa128", + "refsource": "CONFIRM", + 
"url": "https://bto.bluecoat.com/security-advisory/sa128" + }, + { + "name": "http://vcs.pcre.org/pcre?view=revision&revision=1631", + "refsource": "CONFIRM", + "url": "http://vcs.pcre.org/pcre?view=revision&revision=1631" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3400.json b/2016/3xxx/CVE-2016-3400.json index 1fc4d93ad74..f8b0a20e0e3 100644 --- a/2016/3xxx/CVE-2016-3400.json +++ b/2016/3xxx/CVE-2016-3400.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063" - }, - { - "name" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products" - }, - { - "name" : "99101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99101" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99101" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063" + }, + { + "name": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3667.json b/2016/3xxx/CVE-2016-3667.json index 132d13ddd47..9b51ab43e56 100644 --- a/2016/3xxx/CVE-2016-3667.json +++ b/2016/3xxx/CVE-2016-3667.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3667", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3667", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3860.json b/2016/3xxx/CVE-2016-3860.json index 58d86893ba6..0ee29be9195 100644 --- a/2016/3xxx/CVE-2016-3860.json +++ b/2016/3xxx/CVE-2016-3860.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48" - }, - { - "name" : "93320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93320" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93320" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6068.json b/2016/6xxx/CVE-2016-6068.json index 8396fa552eb..32812db2e71 100644 --- a/2016/6xxx/CVE-2016-6068.json +++ b/2016/6xxx/CVE-2016-6068.json 
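Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `security@android.com` in this hunk. It is the only value change in a hunk that otherwise rewrites every line for key spacing and indentation and reorders `reference_data`, so it is easy to miss. The same kind of buried change appears in the hunks for CVE-2016-6410 (`psirt@cisco.com`), CVE-2016-6790 (`security@google.com` to `security@android.com`) and CVE-2016-7526 (`security@debian.org`). Because `ASSIGNER` identifies the organisation that assigned the ID, I would land these reassignments separately from the formatting pass, or at least name them in the commit message, so the provenance change can be audited on its own. The new side of each file also ends with `}` and `\ No newline at end of file`; keeping the final newline would avoid that marker in later diffs.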
@@ -1,190 +1,190 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UrbanCode Deploy", - "version" : { - "version_data" : [ - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.1.1" - }, - { - "version_value" : "6.0.1.2" - }, - { - "version_value" : "6.0.1.3" - }, - { - "version_value" : "6.0.1.4" - }, - { - "version_value" : "6.0.1.5" - }, - { - "version_value" : "6.0.1.6" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.1.0.1" - }, - { - "version_value" : "6.1.0.3" - }, - { - "version_value" : "6.0.1.7" - }, - { - "version_value" : "6.0.1.8" - }, - { - "version_value" : "6.1.0.4" - }, - { - "version_value" : "6.1.1" - }, - { - "version_value" : "6.1.1.1" - }, - { - "version_value" : "6.1.1.2" - }, - { - "version_value" : "6.1.1.3" - }, - { - "version_value" : "6.1.1.4" - }, - { - "version_value" : "6.1.1.5" - }, - { - "version_value" : "6.0.1.9" - }, - { - "version_value" : "6.1.1.6" - }, - { - "version_value" : "6.1.1.7" - }, - { - "version_value" : "6.1.2" - }, - { - "version_value" : "6.0.1.10" - }, - { - "version_value" : "6.0.1.11" - }, - { - "version_value" : "6.1.1.8" - }, - { - "version_value" : "6.1.3" - }, - { - "version_value" : "6.1.3.1" - }, - { - "version_value" : "6.2" - }, - { - "version_value" : "6.2.0.1" - }, - { - "version_value" : "6.0.1.12" - }, - { - "version_value" : "6.1.3.2" - }, - { - "version_value" : "6.2.0.2" - }, - { - "version_value" : "6.2.1" - }, - { - "version_value" : "6.0.1.13" - }, - { - "version_value" : "6.2.1.1" - }, - { - "version_value" : "6.0.1.14" - }, - { - "version_value" : "6.1.3.3" - }, - { - "version_value" : "6.2.1.2" - }, - { - "version_value" : "6.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - 
"data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UrbanCode Deploy", + "version": { + "version_data": [ + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.1.1" + }, + { + "version_value": "6.0.1.2" + }, + { + "version_value": "6.0.1.3" + }, + { + "version_value": "6.0.1.4" + }, + { + "version_value": "6.0.1.5" + }, + { + "version_value": "6.0.1.6" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.1.0.1" + }, + { + "version_value": "6.1.0.3" + }, + { + "version_value": "6.0.1.7" + }, + { + "version_value": "6.0.1.8" + }, + { + "version_value": "6.1.0.4" + }, + { + "version_value": "6.1.1" + }, + { + "version_value": "6.1.1.1" + }, + { + "version_value": "6.1.1.2" + }, + { + "version_value": "6.1.1.3" + }, + { + "version_value": "6.1.1.4" + }, + { + "version_value": "6.1.1.5" + }, + { + "version_value": "6.0.1.9" + }, + { + "version_value": "6.1.1.6" + }, + { + "version_value": "6.1.1.7" + }, + { + "version_value": "6.1.2" + }, + { + "version_value": "6.0.1.10" + }, + { + "version_value": "6.0.1.11" + }, + { + "version_value": "6.1.1.8" + }, + { + "version_value": "6.1.3" + }, + { + "version_value": "6.1.3.1" + }, + { + "version_value": "6.2" + }, + { + "version_value": "6.2.0.1" + }, + { + "version_value": "6.0.1.12" + }, + { + "version_value": "6.1.3.2" + }, + { + 
"version_value": "6.2.0.2" + }, + { + "version_value": "6.2.1" + }, + { + "version_value": "6.0.1.13" + }, + { + "version_value": "6.2.1.1" + }, + { + "version_value": "6.0.1.14" + }, + { + "version_value": "6.1.3.3" + }, + { + "version_value": "6.2.1.2" + }, + { + "version_value": "6.2.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000229", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000229" - }, - { - "name" : "95290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229" + }, + { + "name": "95290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95290" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6321.json b/2016/6xxx/CVE-2016-6321.json index e4e5e4b0aee..0662860a64c 100644 --- a/2016/6xxx/CVE-2016-6321.json +++ b/2016/6xxx/CVE-2016-6321.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Oct/96" - }, - { - "name" : "20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Oct/102" - }, - { - "name" : "[bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html" - }, - { - "name" : 
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html" - }, - { - "name" : "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", - "refsource" : "MISC", - "url" : "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d" - }, - { - "name" : "DSA-3702", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3702" - }, - { - "name" : "GLSA-201611-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-19" - }, - { - "name" : "USN-3132-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3132-1" - }, - { - "name" : "93937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Oct/102" + }, + { + "name": "93937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93937" + }, + { + "name": "GLSA-201611-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-19" + }, + { + "name": "20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Oct/96" + }, + { + "name": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d" + }, + { + "name": "[bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html" + }, + { + "name": "DSA-3702", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3702" + }, + { + "name": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" + }, + { + "name": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html" + }, + { + "name": "USN-3132-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3132-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6410.json b/2016/6xxx/CVE-2016-6410.json index c7b3dc84d6e..0bd13f50365 100644 
--- a/2016/6xxx/CVE-2016-6410.json +++ b/2016/6xxx/CVE-2016-6410.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160921 Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf" - }, - { - "name" : "93090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93090" - }, - { - "name" : "1036873", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Application-hosting Framework (CAF) component in Cisco 
IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93090" + }, + { + "name": "1036873", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036873" + }, + { + "name": "20160921 Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6790.json b/2016/6xxx/CVE-2016-6790.json index e5a1ab12faa..7eff3454204 100644 --- a/2016/6xxx/CVE-2016-6790.json +++ b/2016/6xxx/CVE-2016-6790.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android Kernel-3.18", - "version" : { - "version_data" : [ - { - "version_value" : "Android Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android Kernel-3.18", + "version": { + "version_data": [ + { + "version_value": "Android Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94678" + }, + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7034.json b/2016/7xxx/CVE-2016-7034.json index 76144f6bae8..10456f03e04 100644 --- a/2016/7xxx/CVE-2016-7034.json +++ b/2016/7xxx/CVE-2016-7034.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-7034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373347", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373347" - }, - { - "name" : "RHSA-2017:0557", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0557.html" - }, - { - "name" : "RHSA-2018:0296", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0296" - }, - { - "name" : "92760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0557", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html" + }, + { + "name": "RHSA-2018:0296", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0296" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347" + }, + { + "name": "92760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92760" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7526.json b/2016/7xxx/CVE-2016-7526.json index 55e2f159855..6a75b9e80d0 100644 --- a/2016/7xxx/CVE-2016-7526.json +++ b/2016/7xxx/CVE-2016-7526.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/bugs/1539050", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/bugs/1539050" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378758", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378758" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7" - }, - { - "name" : 
"https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/102", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/102" - }, - { - "name" : "93131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/102", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/102" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378758", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378758" + }, + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "https://bugs.launchpad.net/bugs/1539050", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/bugs/1539050" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7" + }, + { + "name": 
"https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599" + }, + { + "name": "93131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93131" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7876.json b/2016/7xxx/CVE-2016-7876.json index d28883fb8b6..c795f4453f3 100644 --- a/2016/7xxx/CVE-2016-7876.json +++ b/2016/7xxx/CVE-2016-7876.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94866" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "94866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94866" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file