From ef0176afacdc1f812f4dd90e67bf316f86b3c81f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:57:25 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0362.json | 180 ++++++++-------- 2006/1xxx/CVE-2006-1088.json | 190 ++++++++--------- 2006/1xxx/CVE-2006-1109.json | 180 ++++++++-------- 2006/1xxx/CVE-2006-1281.json | 210 +++++++++--------- 2006/1xxx/CVE-2006-1942.json | 400 +++++++++++++++++------------------ 2006/1xxx/CVE-2006-1957.json | 160 +++++++------- 2006/5xxx/CVE-2006-5893.json | 180 ++++++++-------- 2007/2xxx/CVE-2007-2805.json | 150 ++++++------- 2010/0xxx/CVE-2010-0302.json | 290 ++++++++++++------------- 2010/0xxx/CVE-2010-0444.json | 160 +++++++------- 2010/0xxx/CVE-2010-0724.json | 150 ++++++------- 2010/1xxx/CVE-2010-1164.json | 200 +++++++++--------- 2010/1xxx/CVE-2010-1330.json | 180 ++++++++-------- 2010/1xxx/CVE-2010-1616.json | 150 ++++++------- 2010/1xxx/CVE-2010-1928.json | 160 +++++++------- 2010/3xxx/CVE-2010-3193.json | 210 +++++++++--------- 2010/3xxx/CVE-2010-3213.json | 150 ++++++------- 2010/3xxx/CVE-2010-3477.json | 230 ++++++++++---------- 2010/3xxx/CVE-2010-3736.json | 140 ++++++------ 2010/4xxx/CVE-2010-4208.json | 260 +++++++++++------------ 2010/4xxx/CVE-2010-4381.json | 130 ++++++------ 2010/4xxx/CVE-2010-4650.json | 160 +++++++------- 2014/0xxx/CVE-2014-0868.json | 180 ++++++++-------- 2014/4xxx/CVE-2014-4063.json | 150 ++++++------- 2014/4xxx/CVE-2014-4284.json | 150 ++++++------- 2014/4xxx/CVE-2014-4332.json | 34 +-- 2014/8xxx/CVE-2014-8356.json | 34 +-- 2014/8xxx/CVE-2014-8391.json | 160 +++++++------- 2014/8xxx/CVE-2014-8715.json | 34 +-- 2014/8xxx/CVE-2014-8894.json | 150 ++++++------- 2014/9xxx/CVE-2014-9318.json | 140 ++++++------ 2014/9xxx/CVE-2014-9326.json | 130 ++++++------ 2014/9xxx/CVE-2014-9385.json | 130 ++++++------ 2014/9xxx/CVE-2014-9543.json | 34 +-- 2014/9xxx/CVE-2014-9738.json | 140 ++++++------ 2016/3xxx/CVE-2016-3196.json | 180 ++++++++-------- 2016/3xxx/CVE-2016-3213.json | 150 ++++++------- 2016/3xxx/CVE-2016-3297.json | 160 
+++++++------- 2016/3xxx/CVE-2016-3320.json | 150 ++++++------- 2016/3xxx/CVE-2016-3404.json | 140 ++++++------ 2016/3xxx/CVE-2016-3923.json | 140 ++++++------ 2016/3xxx/CVE-2016-3949.json | 140 ++++++------ 2016/6xxx/CVE-2016-6026.json | 130 ++++++------ 2016/6xxx/CVE-2016-6059.json | 202 +++++++++--------- 2016/6xxx/CVE-2016-6156.json | 170 +++++++-------- 2016/6xxx/CVE-2016-6469.json | 130 ++++++------ 2016/6xxx/CVE-2016-6597.json | 150 ++++++------- 2016/6xxx/CVE-2016-6996.json | 140 ++++++------ 2016/7xxx/CVE-2016-7591.json | 160 +++++++------- 2016/7xxx/CVE-2016-7602.json | 140 ++++++------ 2016/7xxx/CVE-2016-7725.json | 34 +-- 2016/8xxx/CVE-2016-8037.json | 34 +-- 2016/8xxx/CVE-2016-8047.json | 34 +-- 2016/8xxx/CVE-2016-8610.json | 350 +++++++++++++++--------------- 54 files changed, 4210 insertions(+), 4210 deletions(-) diff --git a/2006/0xxx/CVE-2006-0362.json b/2006/0xxx/CVE-2006-0362.json index 3ae250c9927..c7c4f47abd9 100644 --- a/2006/0xxx/CVE-2006-0362.json +++ b/2006/0xxx/CVE-2006-0362.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://isc.sans.org/diary.php?storyid=1042", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.php?storyid=1042" - }, - { - "name" : "http://www.eweek.com/article2/0,1759,1912048,00.asp", - "refsource" : "CONFIRM", - "url" : "http://www.eweek.com/article2/0,1759,1912048,00.asp" - }, - { - "name" : "16299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16299" - }, - { - "name" : "22504", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22504" - }, - { - "name" : "1015511", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015511" - }, - { - "name" : "18515", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/18515" - }, - { - "name" : "tippingpoint-ips-http-traffic-dos(24200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015511", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015511" + }, + { + "name": "22504", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22504" + }, + { + "name": "http://www.eweek.com/article2/0,1759,1912048,00.asp", + "refsource": "CONFIRM", + "url": "http://www.eweek.com/article2/0,1759,1912048,00.asp" + }, + { + "name": "18515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18515" + }, + { + "name": "http://isc.sans.org/diary.php?storyid=1042", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.php?storyid=1042" + }, + { + "name": "tippingpoint-ips-http-traffic-dos(24200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24200" + }, + { + "name": "16299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16299" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1088.json b/2006/1xxx/CVE-2006-1088.json index 67e1490c4de..1d19d424389 100644 --- a/2006/1xxx/CVE-2006-1088.json +++ b/2006/1xxx/CVE-2006-1088.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060304 PHP-Stats <= 0.1.9.1 remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426762/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/php_stats_0191_adv.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/php_stats_0191_adv.html" - }, - { - "name" : "20060322 Re: PHP-Stats <= 0.1.9.1 remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428614/100/0/threaded" - }, - { - "name" : "http://www.phpstats.net/forum/viewtopic.php?t=140", - "refsource" : "MISC", - "url" : "http://www.phpstats.net/forum/viewtopic.php?t=140" - }, - { - "name" : "20060327 Re: PHP-Stats <= 0.1.9.1 remote commands 
execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429145/100/0/threaded" - }, - { - "name" : "16963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16963" - }, - { - "name" : "ADV-2006-0822", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0822" - }, - { - "name" : "19116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0822", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0822" + }, + { + "name": "20060322 Re: PHP-Stats <= 0.1.9.1 remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded" + }, + { + "name": "http://retrogod.altervista.org/php_stats_0191_adv.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/php_stats_0191_adv.html" + }, + { + "name": "20060304 PHP-Stats <= 0.1.9.1 remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded" + }, + { + "name": "20060327 Re: PHP-Stats <= 0.1.9.1 remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded" + }, + { + "name": "19116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19116" + }, + { + "name": "16963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16963" + }, + 
{ + "name": "http://www.phpstats.net/forum/viewtopic.php?t=140", + "refsource": "MISC", + "url": "http://www.phpstats.net/forum/viewtopic.php?t=140" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1109.json b/2006/1xxx/CVE-2006-1109.json index d5a6e7b25f8..443b7b40837 100644 --- a/2006/1xxx/CVE-2006-1109.json +++ b/2006/1xxx/CVE-2006-1109.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060304 Advisory: TotalECommerce (index.asp id) Remote SQL InjectionVulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426765/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=18", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=18" - }, - { - "name" : "16960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16960" - }, - { - "name" : "ADV-2006-0840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0840" - }, - { - "name" : "19103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19103" - }, - { - 
"name" : "530", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/530" - }, - { - "name" : "totalecommerce-index-sql-injection(25045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16960" + }, + { + "name": "19103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19103" + }, + { + "name": "totalecommerce-index-sql-injection(25045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25045" + }, + { + "name": "20060304 Advisory: TotalECommerce (index.asp id) Remote SQL InjectionVulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426765/100/0/threaded" + }, + { + "name": "530", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/530" + }, + { + "name": "ADV-2006-0840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0840" + }, + { + "name": "http://www.nukedx.com/?viewdoc=18", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=18" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1281.json b/2006/1xxx/CVE-2006-1281.json index f80ecd0604c..ea16e700a46 100644 --- a/2006/1xxx/CVE-2006-1281.json 
+++ b/2006/1xxx/CVE-2006-1281.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427744/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-296.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-296.html" - }, - { - "name" : "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html" - }, - { - "name" : "http://community.mybboard.net/showthread.php?tid=7368", - "refsource" : "CONFIRM", - "url" : 
"http://community.mybboard.net/showthread.php?tid=7368" - }, - { - "name" : "17097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17097" - }, - { - "name" : "17492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17492" - }, - { - "name" : "ADV-2006-0971", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0971" - }, - { - "name" : "23935", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23935" - }, - { - "name" : "19213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19213" - }, - { - "name" : "mybb-member-url-xss(25266)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23935", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23935" + }, + { + "name": "17097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17097" + }, + { + "name": "17492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17492" + }, + { + "name": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html" + }, + { + "name": "19213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19213" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=7368", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=7368" + }, + { + "name": "mybb-member-url-xss(25266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266" + }, + { + "name": "ADV-2006-0971", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0971" + }, + { + "name": "20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427744/100/0/threaded" + }, + { + "name": "http://kapda.ir/advisory-296.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-296.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1942.json b/2006/1xxx/CVE-2006-1942.json index e0b934d9669..cfcb4942706 100644 --- a/2006/1xxx/CVE-2006-1942.json +++ b/2006/1xxx/CVE-2006-1942.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431267/100/0/threaded" - }, - { - "name" : "20060505 Firefox 1.5.0.3 code execution exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433138/100/0/threaded" - }, - { - "name" : "20060602 rPSA-2006-0091-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/435795/100/0/threaded" - }, - { - "name" : "20060507 Re: Firefox 1.5.0.3 code execution exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433539/30/5070/threaded" - }, - { - "name" : "http://www.gavinsharp.com/tmp/ImageVuln.html", - "refsource" : "MISC", - "url" : "http://www.gavinsharp.com/tmp/ImageVuln.html" - }, - { - "name" : "http://www.networksecurity.fi/advisories/netscape-view-image.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/netscape-view-image.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=334341", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=334341" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html" - }, - { - "name" : "DSA-1118", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1118" - }, - { - "name" : "DSA-1120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1120" - }, - { - "name" : "DSA-1134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1134" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SUSE-SA:2006:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" - }, - { - "name" : "18228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18228" - }, - { - "name" : "ADV-2006-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2106" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "24713", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24713" - }, - { - "name" : "1016202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016202" - }, - { - "name" : "19698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19698" - }, - { - "name" : "19988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19988" - }, - { - "name" : "20376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20376" - }, - { - "name" : "21183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21183" - }, - { - "name" : "21176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21176" - }, - { - "name" : "21324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21324" - }, - { - "name" : "20063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20063" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "firefox-viewimage-security-bypass(25925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\"" + } + ] 
+ }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21176" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "24713", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24713" + }, + { + "name": "19698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19698" + }, + { + "name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded" + }, + { + "name": "20063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20063" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html" + }, + { + "name": "firefox-viewimage-security-bypass(25925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925" + }, + { + "name": "20060505 Firefox 1.5.0.3 code execution exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded" + }, + { + "name": "http://www.networksecurity.fi/advisories/netscape-view-image.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html" + }, + { + "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" + }, + { + "name": "20376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20376" + }, + { + "name": "1016202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016202" + }, + { + "name": "18228", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/18228" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "DSA-1118", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1118" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "DSA-1120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1120" + }, + { + "name": "19988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19988" + }, + { + "name": "http://www.gavinsharp.com/tmp/ImageVuln.html", + "refsource": "MISC", + "url": "http://www.gavinsharp.com/tmp/ImageVuln.html" + }, + { + "name": "DSA-1134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1134" + }, + { + "name": "21324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21324" + }, + { + "name": "21183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21183" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "SUSE-SA:2006:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" + }, + { + "name": "ADV-2006-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2106" + }, + { + "name": "20060507 Re: Firefox 1.5.0.3 code execution exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/1xxx/CVE-2006-1957.json b/2006/1xxx/CVE-2006-1957.json
index def303f360a..3ed8f7c2fc1 100644
--- a/2006/1xxx/CVE-2006-1957.json
+++ b/2006/1xxx/CVE-2006-1957.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431317/100/0/threaded" - }, - { - "name" : "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html" - }, - { - "name" : "http://irannetjob.com/content/view/209/28/", - "refsource" : "MISC", - "url" : "http://irannetjob.com/content/view/209/28/" - }, - { - "name" : "http://www.kapda.ir/advisory-313.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-313.html" - }, - { - "name" : "mambo-joomla-rss-dos(26131)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html" + }, + { + "name": "http://www.kapda.ir/advisory-313.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-313.html" + }, + { + "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded" + }, + { + "name": "mambo-joomla-rss-dos(26131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131" + }, + { + "name": "http://irannetjob.com/content/view/209/28/", + "refsource": "MISC", + "url": "http://irannetjob.com/content/view/209/28/" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5893.json b/2006/5xxx/CVE-2006-5893.json index 70e4660acff..1d4a921010e 100644 --- a/2006/5xxx/CVE-2006-5893.json +++ b/2006/5xxx/CVE-2006-5893.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061116 Storystream => 4.0 Remote File Include Vulnerability Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116374093504388&w=2" - }, - { - "name" : "2767", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2767" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217" - }, - { - "name" : "21012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21012" - }, - { - "name" : "ADV-2006-4480", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/4480" - }, - { - "name" : "1017252", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017252" - }, - { - "name" : "storystream-mysql-file-include(30191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4480", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4480" + }, + { + "name": "2767", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2767" + }, + { + "name": "1017252", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017252" + }, + { + "name": "20061116 Storystream => 4.0 Remote File Include Vulnerability Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116374093504388&w=2" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217" + }, + { + "name": "storystream-mysql-file-include(30191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30191" + }, + { + "name": "21012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21012" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/2xxx/CVE-2007-2805.json b/2007/2xxx/CVE-2007-2805.json
index 02004fd8836..aaeda8ce67c 100644
--- a/2007/2xxx/CVE-2007-2805.json
+++ b/2007/2xxx/CVE-2007-2805.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html" - }, - { - "name" : "24061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24061" - }, - { - "name" : "37526", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37526" - }, - { - "name" : "clientexec-index-xss(34390)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37526", + "refsource": "OSVDB", + "url": "http://osvdb.org/37526" + }, + { + "name": "clientexec-index-xss(34390)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34390" + }, + { + "name": "24061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24061" + }, + { + "name": "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0302.json b/2010/0xxx/CVE-2010-0302.json index 9b6a476e08e..5163623fbcc 100644 --- a/2010/0xxx/CVE-2010-0302.json +++ b/2010/0xxx/CVE-2010-0302.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=557775", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=557775" - }, - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "http://cups.org/str.php?L3490", - "refsource" : "CONFIRM", - "url" : "http://cups.org/str.php?L3490" - }, - { - "name" : "http://cups.org/articles.php?L596", - "refsource" : "CONFIRM", - "url" : "http://cups.org/articles.php?L596" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "FEDORA-2010-2743", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html" - }, - { - "name" : "GLSA-201207-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml" - }, - { - "name" : "MDVSA-2010:073", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073" - }, - { - "name" : "RHSA-2010:0129", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0129.html" - }, - { - "name" : "USN-906-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-906-1" - }, - { - "name" : "38510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38510" - }, - { - 
"name" : "oval:org.mitre.oval:def:11216", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216" - }, - { - "name" : "1024124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024124" - }, - { - "name" : "38927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38927" - }, - { - "name" : "38979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38979" - }, - { - "name" : "38785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38785" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "USN-906-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-906-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=557775", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=557775" + }, + { + "name": "oval:org.mitre.oval:def:11216", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "http://cups.org/articles.php?L596", + "refsource": "CONFIRM", + "url": "http://cups.org/articles.php?L596" + }, + { + "name": "1024124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024124" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "GLSA-201207-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201207-10.xml" + }, + { + "name": "FEDORA-2010-2743", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + }, + { + "name": "MDVSA-2010:073", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073" + }, + { + "name": "http://cups.org/str.php?L3490", + "refsource": "CONFIRM", + "url": "http://cups.org/str.php?L3490" + }, + { + "name": "38510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38510" + 
}, + { + "name": "38785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38785" + }, + { + "name": "RHSA-2010:0129", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0129.html" + }, + { + "name": "38979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38979" + }, + { + "name": "38927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38927" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0444.json b/2010/0xxx/CVE-2010-0444.json index cc758bdf006..e466d911fa2 100644 --- a/2010/0xxx/CVE-2010-0444.json +++ b/2010/0xxx/CVE-2010-0444.json 
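Review bot: The new side of this CVE-2010-0302.json hunk sets `"ASSIGNER": "secalert@redhat.com"` where the old side had `cve@mitre.org`, a provenance change carried inside what otherwise reads as key-spacing and indentation normalisation with reordered `reference_data` entries. The CVE-2010-0444.json hunk (`hp-security-alert@hp.com`) and the CVE-2010-1164.json hunk (`secalert@redhat.com`) do the same, while the other records visible here keep `cve@mitre.org`. Because every line of each record is rewritten, a line-based diff cannot separate that field update from formatting noise; comparing the parsed JSON with `reference_data` treated as an unordered set isolates it. Naming the assigner updates in the commit message, or landing them apart from the reformat, would keep the record history auditable.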
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-0444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02487", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126566258722040&w=2" - }, - { - "name" : "SSRT100024", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126566258722040&w=2" - }, - { - "name" : "38150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38150" - }, - { - "name" : "62213", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62213" - }, - { - "name" : "1023555", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Operations Agent 8.51, 8.52, 8.53, 
and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38150" + }, + { + "name": "HPSBMA02487", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126566258722040&w=2" + }, + { + "name": "62213", + "refsource": "OSVDB", + "url": "http://osvdb.org/62213" + }, + { + "name": "1023555", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023555" + }, + { + "name": "SSRT100024", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126566258722040&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0724.json b/2010/0xxx/CVE-2010-0724.json index bfcfc0809c5..63a824e766c 100644 --- a/2010/0xxx/CVE-2010-0724.json +++ b/2010/0xxx/CVE-2010-0724.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt" - }, - { - "name" : "11524", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11524" - }, - { - "name" : "38426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38426" - }, - { - "name" : "ADV-2010-0443", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute 
arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0443", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0443" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt" + }, + { + "name": "11524", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11524" + }, + { + "name": "38426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38426" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1164.json b/2010/1xxx/CVE-2010-1164.json index 40e701d998e..b303a570f26 100644 --- a/2010/1xxx/CVE-2010-1164.json +++ b/2010/1xxx/CVE-2010-1164.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100416 CVE Request: JIRA Issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/16/3" - }, - { - "name" : "[oss-security] 20100416 Re: CVE Request: JIRA Issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/16/4" - }, - { - "name" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16" - }, - { - "name" : "http://jira.atlassian.com/browse/JRA-20994", - "refsource" : "CONFIRM", - "url" : "http://jira.atlassian.com/browse/JRA-20994" - }, - { - "name" : "http://jira.atlassian.com/browse/JRA-21004", - "refsource" : "CONFIRM", - "url" : "http://jira.atlassian.com/browse/JRA-21004" - }, - { - "name" : "39485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39485" - }, - { - "name" : "39353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39353" - }, - { - "name" : "jira-element-xss(57827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57827" - }, - { - "name" : "jira-groupnames-xss(57826)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jira-element-xss(57827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57827" + }, + { + "name": "http://jira.atlassian.com/browse/JRA-20994", + "refsource": "CONFIRM", + "url": "http://jira.atlassian.com/browse/JRA-20994" + }, + { + "name": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16" + }, + { + "name": "jira-groupnames-xss(57826)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57826" + }, + { + "name": "[oss-security] 20100416 CVE Request: JIRA Issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/16/3" + }, + { + "name": "[oss-security] 20100416 
Re: CVE Request: JIRA Issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/16/4" + }, + { + "name": "39353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39353" + }, + { + "name": "39485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39485" + }, + { + "name": "http://jira.atlassian.com/browse/JRA-21004", + "refsource": "CONFIRM", + "url": "http://jira.atlassian.com/browse/JRA-21004" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1330.json b/2010/1xxx/CVE-2010-1330.json index e0ad84d8bff..e2ca6a774b6 100644 --- a/2010/1xxx/CVE-2010-1330.json +++ b/2010/1xxx/CVE-2010-1330.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=317435", - "refsource" : "MISC", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=317435" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=750306", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=750306" - }, - { - "name" : "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html" - }, - { - "name" : "RHSA-2011:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1456.html" - }, - { - "name" : "77297", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/77297" - }, - { - "name" : "46891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46891" - }, - { - "name" : "jruby-expression-engine-xss(80277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750306", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306" + }, + { + "name": "RHSA-2011:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=317435", + "refsource": "MISC", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435" + }, + { + "name": "77297", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77297" + }, + { + "name": "46891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46891" + }, + { + "name": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html", + "refsource": "CONFIRM", + "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html" + }, + { + "name": "jruby-expression-engine-xss(80277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1616.json b/2010/1xxx/CVE-2010-1616.json index 47c56e42c5e..fade7241136 100644 
--- a/2010/1xxx/CVE-2010-1616.json +++ b/2010/1xxx/CVE-2010-1616.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tracker.moodle.org/browse/MDL-16658", - "refsource" : "MISC", - "url" : "http://tracker.moodle.org/browse/MDL-16658" - }, - { - "name" : "http://moodle.org/security/", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/security/" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 1.8.x and 1.9.x before 1.9.8 can create new 
roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "http://moodle.org/security/", + "refsource": "CONFIRM", + "url": "http://moodle.org/security/" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "http://tracker.moodle.org/browse/MDL-16658", + "refsource": "MISC", + "url": "http://tracker.moodle.org/browse/MDL-16658" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1928.json b/2010/1xxx/CVE-2010-1928.json index 3380f86b62b..b85231e1c20 100644 --- a/2010/1xxx/CVE-2010-1928.json +++ b/2010/1xxx/CVE-2010-1928.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12365", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12365" - }, - { - "name" : "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt" - }, - { - "name" : "64185", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64185" - }, - { - "name" : "39606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39606" - }, - { - "name" : "openpresse-soustab-file-include(58090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58090" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64185", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64185" + }, + { + "name": "openpresse-soustab-file-include(58090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58090" + }, + { + "name": "39606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39606" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt" + }, + { + "name": "12365", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12365" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3193.json b/2010/3xxx/CVE-2010-3193.json index b3d7f798914..bb769835fcd 100644 --- a/2010/3xxx/CVE-2010-3193.json +++ b/2010/3xxx/CVE-2010-3193.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" - }, - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IC65408", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408" - }, - { - "name" : "IC65703", - "refsource" : "AIXAPAR", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703" - }, - { - "name" : "IC65742", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742" - }, - { - "name" : "oval:org.mitre.oval:def:14190", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190" - }, - { - "name" : "41218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41218" - }, - { - "name" : "ADV-2010-2225", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2225" - }, - { - "name" : "db2-db2stst-unspecified(61444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2225", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2225" + }, + { + "name": "db2-db2stst-unspecified(61444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444" + }, + { + "name": "41218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41218" + }, + { + "name": "IC65742", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" + }, + { + "name": "IC65703", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703" + }, + { + "name": "oval:org.mitre.oval:def:14190", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190" + }, + { + "name": "IC65408", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3213.json b/2010/3xxx/CVE-2010-3213.json index b3dd3e470e6..321496d64d5 100644 --- a/2010/3xxx/CVE-2010-3213.json +++ b/2010/3xxx/CVE-2010-3213.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14285", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14285" - }, - { - "name" : "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails", - "refsource" : "MISC", - "url" : "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails" - }, - { - "name" : "41462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41462" - }, - { - "name" : "ms-owa-csrf(60164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41462" + }, + { + "name": "ms-owa-csrf(60164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60164" + }, + { + "name": "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails", + "refsource": "MISC", + "url": "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails" + }, + { + "name": "14285", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14285" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3477.json b/2010/3xxx/CVE-2010-3477.json index 1543e6c2638..8f9c3b19c7c 100644 --- a/2010/3xxx/CVE-2010-3477.json +++ b/2010/3xxx/CVE-2010-3477.json 
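Review bot: In the `CVE_data_meta` block of CVE-2010-3213 the new side sets `"ASSIGNER": "secure@microsoft.com"` where the old side had `cve@mitre.org`. This is the only value change in a hunk that is otherwise key-spacing and reference-order churn, and the commit subject does not mention it. Tooling that keys on the assigner field (CNA attribution, per-CNA reporting, record-ownership checks) will see this 2010 record move between assigners, so it is worth confirming the reassignment is intended rather than a side effect of the sync. The same hunk keeps `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Microsoft Outlook Web Access; if the record now belongs to the vendor's CNA, populating those fields would presumably be the consistent follow-up. The new side also ends with `\ No newline at end of file`, as the other files in this commit do; a trailing newline after the closing `}` would keep later diffs of these records clean.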
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e" - }, - { 
- "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "RHSA-2010:0779", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0779.html" - }, - { - "name" : "RHSA-2010:0839", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0839.html" - }, - { - "name" : "RHSA-2011:0007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" - }, - { - "name" : "USN-1000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1000-1" - }, - { - "name" : "1024603", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024603" - }, - { - "name" : "42890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42890" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024603", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024603" + }, + { + "name": "USN-1000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1000-1" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "RHSA-2011:0007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e" + }, + { + "name": "RHSA-2010:0839", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0839.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "42890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42890" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4" + }, + { + "name": "RHSA-2010:0779", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} 
\ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3736.json b/2010/3xxx/CVE-2010-3736.json index 868f4c104a8..df555c19287 100644 --- a/2010/3xxx/CVE-2010-3736.json +++ b/2010/3xxx/CVE-2010-3736.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IC68182", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182" - }, - { - "name" : "oval:org.mitre.oval:def:13859", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13859", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859" + }, + { + "name": "IC68182", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4208.json b/2010/4xxx/CVE-2010-4208.json index 68797afce6e..03346eb4cfd 100644 --- a/2010/4xxx/CVE-2010-4208.json +++ b/2010/4xxx/CVE-2010-4208.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514622" - }, - { - "name" : "[oss-security] 20101107 Re: CVE request: moodle 1.9.10", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/07/1" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=160910", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=160910" - }, - { - "name" : "http://www.bugzilla.org/security/3.2.8/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.8/" - }, - { - "name" : 
"http://yuilibrary.com/support/2.8.2/", - "refsource" : "CONFIRM", - "url" : "http://yuilibrary.com/support/2.8.2/" - }, - { - "name" : "FEDORA-2010-17235", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html" - }, - { - "name" : "FEDORA-2010-17274", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html" - }, - { - "name" : "FEDORA-2010-17280", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html" - }, - { - "name" : "SUSE-SR:2010:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" - }, - { - "name" : "44420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44420" - }, - { - "name" : "1024683", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024683" - }, - { - "name" : "41955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41955" - }, - { - "name" : "42271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42271" - }, - { - "name" : "ADV-2010-2878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2878" - }, - { - "name" : "ADV-2010-2975", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/mod/forum/discuss.php?d=160910", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=160910" + }, + { + "name": "FEDORA-2010-17280", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html" + }, + { + "name": "http://yuilibrary.com/support/2.8.2/", + "refsource": "CONFIRM", + "url": "http://yuilibrary.com/support/2.8.2/" + }, + { + "name": "ADV-2010-2878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2878" + }, + { + "name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514622" + }, + { + "name": "http://www.bugzilla.org/security/3.2.8/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.8/" + }, + { + "name": "FEDORA-2010-17274", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html" + }, + { + "name": "41955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41955" + }, + { + "name": "1024683", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024683" + }, + { + "name": "44420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44420" + }, + { + "name": "SUSE-SR:2010:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html" + }, + { + "name": "FEDORA-2010-17235", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html" + }, + { + "name": "ADV-2010-2975", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2975" + }, + { + "name": "[oss-security] 
20101107 Re: CVE request: moodle 1.9.10", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/07/1" + }, + { + "name": "42271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42271" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4381.json b/2010/4xxx/CVE-2010-4381.json index 6f04c6f8a5c..a54fd9a0311 100644 --- a/2010/4xxx/CVE-2010-4381.json +++ b/2010/4xxx/CVE-2010-4381.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/12102010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/12102010_player/en/" - }, - { - "name" : "1024861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an 
unspecified impact via a crafted AAC file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024861" + }, + { + "name": "http://service.real.com/realplayer/security/12102010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/12102010_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4650.json b/2010/4xxx/CVE-2010-4650.json index 39e75747868..c2052a36aa1 100644 --- a/2010/4xxx/CVE-2010-4650.json +++ b/2010/4xxx/CVE-2010-4650.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/06/18" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=667892", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667892" - }, - { - "name" : "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/06/18" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" + }, + { + "name": "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667892", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=667892" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0868.json b/2014/0xxx/CVE-2014-0868.json index 8e8fe0382dc..7ba61f28034 100644 --- a/2014/0xxx/CVE-2014-0868.json +++ b/2014/0xxx/CVE-2014-0868.json 
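Review bot: The `"ASSIGNER"` value in the CVE-2010-4650 record changes from `cve@mitre.org` to `secalert@redhat.com`, but the change is buried in a whole-file re-indentation and a reshuffle of `reference_data`, and the commit subject ("-Synchronized-Data.") does not mention it. ASSIGNER names the CNA that owns the record, so anything that attributes or filters records by assigner would presumably return different results after this sync. The commit body should say so, for example `ASSIGNER set to the owning CNA for CVE-2010-4650, CVE-2014-0868, CVE-2014-4063, CVE-2014-4284, CVE-2014-8894`, or the formatting pass should land as a separate commit so the metadata change can be audited on its own. The same applies to the later hunks for CVE-2014-0868 and CVE-2014-8894 (`psirt@us.ibm.com`), CVE-2014-4063 (`secure@microsoft.com`) and CVE-2014-4284 (`secalert_us@oracle.com`). Each rewritten file also loses its final newline (`\ No newline at end of file`), which the old side had.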
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532598/100/0/threaded" - }, - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/173" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : 
"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" - }, - { - "name" : "59296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59296" - }, - { - "name" : "ibm-aclm-cve20140868-sec-bypass(90942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" + }, + { + "name": "ibm-aclm-cve20140868-sec-bypass(90942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90942" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532598/100/0/threaded" + }, + { + "name": "59296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59296" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/173" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4063.json b/2014/4xxx/CVE-2014-4063.json index c493e4f1800..238dc75c158 100644 --- a/2014/4xxx/CVE-2014-4063.json +++ b/2014/4xxx/CVE-2014-4063.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69132" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69132" + }, + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4284.json b/2014/4xxx/CVE-2014-4284.json index 069072de7bc..18ff75d6791 100644 --- a/2014/4xxx/CVE-2014-4284.json +++ b/2014/4xxx/CVE-2014-4284.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70554" - }, - { - "name" : "1031032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031032" - }, - { - "name" : "61593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70554" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "1031032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031032" + }, + { + "name": "61593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61593" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4332.json b/2014/4xxx/CVE-2014-4332.json index 21544ed42d1..b1b7a0465df 100644 --- a/2014/4xxx/CVE-2014-4332.json +++ b/2014/4xxx/CVE-2014-4332.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4332", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4332", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8356.json b/2014/8xxx/CVE-2014-8356.json index b635a01464f..413eeb882ab 100644 --- a/2014/8xxx/CVE-2014-8356.json +++ b/2014/8xxx/CVE-2014-8356.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8391.json b/2014/8xxx/CVE-2014-8391.json index 660d89d45fc..2f2da3dd63b 100644 --- a/2014/8xxx/CVE-2014-8391.json +++ b/2014/8xxx/CVE-2014-8391.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535592/100/0/threaded" - }, - { - "name" : "37114", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37114/" - }, - { - "name" : "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/95" - }, - { - "name" : "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html" - }, - { - "name" 
: "http://www.sendio.com/software-release-history/", - "refsource" : "CONFIRM", - "url" : "http://www.sendio.com/software-release-history/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/95" + }, + { + "name": "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html" + }, + { + "name": "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535592/100/0/threaded" + }, + { + "name": "37114", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37114/" + }, + { + "name": "http://www.sendio.com/software-release-history/", + "refsource": "CONFIRM", + "url": "http://www.sendio.com/software-release-history/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8715.json b/2014/8xxx/CVE-2014-8715.json index 48f51e6816c..0c5efdfb844 100644 --- a/2014/8xxx/CVE-2014-8715.json +++ b/2014/8xxx/CVE-2014-8715.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8715", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8715", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8894.json b/2014/8xxx/CVE-2014-8894.json index a29f93fdea6..d7fbe73a80e 100644 --- a/2014/8xxx/CVE-2014-8894.json +++ b/2014/8xxx/CVE-2014-8894.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694772", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694772" - }, - { - "name" : "72408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72408" - }, - { - "name" : "62674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62674" - }, - { - "name" : "ibm-tririga-cve20148894-redirect(99013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-tririga-cve20148894-redirect(99013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013" + }, + { + "name": "72408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72408" + }, + { + "name": "62674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62674" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9318.json b/2014/9xxx/CVE-2014-9318.json index 45610b54003..a18c0ae69d1 100644 --- a/2014/9xxx/CVE-2014-9318.json +++ b/2014/9xxx/CVE-2014-9318.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff" - }, - { - "name" : "https://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://www.ffmpeg.org/security.html" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff" + }, + { + "name": "https://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "https://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9326.json b/2014/9xxx/CVE-2014-9326.json index 1a0a3ffcad8..f1113694d8a 100644 --- a/2014/9xxx/CVE-2014-9326.json +++ b/2014/9xxx/CVE-2014-9326.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html" - }, - { - "name" : "1032305", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032305", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032305" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9385.json b/2014/9xxx/CVE-2014-9385.json index 103db340374..7711f072100 100644 --- a/2014/9xxx/CVE-2014-9385.json +++ b/2014/9xxx/CVE-2014-9385.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-9385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for 
requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9543.json b/2014/9xxx/CVE-2014-9543.json index ae08c18d79f..66c2dd50010 100644 --- a/2014/9xxx/CVE-2014-9543.json +++ b/2014/9xxx/CVE-2014-9543.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9543", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9543", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/9xxx/CVE-2014-9738.json b/2014/9xxx/CVE-2014-9738.json index ed2eeeab02f..9af9604eb17 100644 --- a/2014/9xxx/CVE-2014-9738.json +++ b/2014/9xxx/CVE-2014-9738.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2378401", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2378401" - }, - { - "name" : "https://www.drupal.org/node/2378289", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2378289" - }, - { - "name" : "71198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote 
authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71198" + }, + { + "name": "https://www.drupal.org/node/2378401", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2378401" + }, + { + "name": "https://www.drupal.org/node/2378289", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2378289" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3196.json b/2016/3xxx/CVE-2016-3196.json index 4335ebbd976..d203bb3bb89 100644 --- a/2016/3xxx/CVE-2016-3196.json +++ b/2016/3xxx/CVE-2016-3196.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539069/100/0/threaded" - }, - { - "name" : "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/4" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=1687", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=1687" - }, - { - "name" : 
"http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability", - "refsource" : "CONFIRM", - "url" : "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability" - }, - { - "name" : "92203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92203" - }, - { - "name" : "1036551", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036551" - }, - { - "name" : "1036550", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92203" + }, + { + "name": "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/4" + }, + { + "name": "1036550", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036550" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=1687", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=1687" + }, + { + "name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability" + }, + { + "name": "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded" + }, + { + "name": "1036551", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036551" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3213.json b/2016/3xxx/CVE-2016-3213.json index a6b1840140c..1343bb4dd9f 100644 --- a/2016/3xxx/CVE-2016-3213.json +++ b/2016/3xxx/CVE-2016-3213.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka \"WPAD Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" - }, - { - "name" : "MS16-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077" - }, - { - "name" : "1036096", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036096" - }, - { - "name" : "1036104", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1036104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka \"WPAD Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077" + }, + { + "name": "MS16-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" + }, + { + "name": "1036096", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036096" + }, + { + "name": "1036104", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036104" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3297.json b/2016/3xxx/CVE-2016-3297.json index 19a2c8e84de..7b0142d9d3c 100644 --- a/2016/3xxx/CVE-2016-3297.json +++ b/2016/3xxx/CVE-2016-3297.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-104", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" - }, - { - "name" : "MS16-105", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" - }, - { - "name" : "92829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92829" - }, - { - "name" : "1036788", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036788" - }, - { - "name" : "1036789", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036789" + }, + { + "name": "MS16-104", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" + }, + { + "name": "MS16-105", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" + }, + { + "name": "92829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92829" + }, + { + "name": "1036788", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036788" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3320.json b/2016/3xxx/CVE-2016-3320.json index 05adc41f97f..fa80cf37b7a 100644 --- a/2016/3xxx/CVE-2016-3320.json +++ b/2016/3xxx/CVE-2016-3320.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka \"Secure Boot Security Feature Bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FEDORA-2016-0f013aee39", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG/" - }, - { - "name" : "MS16-100", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-100" - }, - { - "name" : "92304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92304" - }, - { - "name" : "1036573", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka \"Secure Boot Security Feature Bypass.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92304" + }, + { + "name": "MS16-100", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-100" + }, + { + "name": "1036573", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036573" + }, + { + "name": "FEDORA-2016-0f013aee39", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3404.json b/2016/3xxx/CVE-2016-3404.json index 0aa157d37af..ee0fa585d58 100644 --- a/2016/3xxx/CVE-2016-3404.json +++ b/2016/3xxx/CVE-2016-3404.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" - }, - { - "name" : "95894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "name": "95894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95894" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3923.json b/2016/3xxx/CVE-2016-3923.json index daaeadfce0f..3735c883823 100644 --- a/2016/3xxx/CVE-2016-3923.json +++ b/2016/3xxx/CVE-2016-3923.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc" - }, - { - "name" : "93310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93310" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3949.json b/2016/3xxx/CVE-2016-3949.json index 457cb803f19..f3effd8acf3 100644 --- a/2016/3xxx/CVE-2016-3949.json +++ b/2016/3xxx/CVE-2016-3949.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01" - }, - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf" - }, - { - "name" : "1036089", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf" + }, + { + "name": "1036089", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036089" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6026.json b/2016/6xxx/CVE-2016-6026.json index f61e77b2095..9870689dc9a 100644 --- a/2016/6xxx/CVE-2016-6026.json +++ b/2016/6xxx/CVE-2016-6026.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278" - }, - { - "name" : "93342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93342" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6059.json b/2016/6xxx/CVE-2016-6059.json index 0b5daacd869..4a4c1797d42 100644 --- a/2016/6xxx/CVE-2016-6059.json +++ b/2016/6xxx/CVE-2016-6059.json 
@@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.1" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5.0.1" - }, - { - "version_value" : "8.7" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "10.0" - }, - { - "version_value" : "11.3" - }, - { - "version_value" : "10" - }, - { - "version_value" : "11.3.0.0" - }, - { - "version_value" : "11.3.1.0" - }, - { - "version_value" : "11.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "8.1" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5.0.1" + }, + { + "version_value": "8.7" + }, + { + "version_value": "9.1" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "10.0" + }, + { + "version_value": "11.3" + }, + { + "version_value": "10" + }, + { + "version_value": "11.3.0.0" + }, + { + "version_value": "11.3.1.0" + }, + { + "version_value": "11.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21991683", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21991683" - }, - { - "name" : "94032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94032" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21991683", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21991683" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6156.json b/2016/6xxx/CVE-2016-6156.json index 699b88527c5..ab9ca5620f5 100644 --- a/2016/6xxx/CVE-2016-6156.json +++ b/2016/6xxx/CVE-2016-6156.json 
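Review bot: The `problemtype` value `"Obtain Information"` covers only part of what the description states, which also names a denial of service through memory exhaustion caused by XXE processing; tooling that classifies records by `problemtype` would miss the availability impact. A value along the lines of `"XML External Entity (XXE) injection: information disclosure and denial of service"`, or a second `description` entry, would bring the two fields into agreement. The `version_data` list also carries `10` next to `10.0` and `11.3` next to `11.3.0.0`, which look like duplicate spellings of the same release and are worth confirming with the assigner.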
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a \"double fetch\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Jul/20" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=120131", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=120131" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e" - }, - { - "name" 
: "https://bugzilla.redhat.com/show_bug.cgi?id=1353490", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1353490" - }, - { - "name" : "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e" - }, - { - "name" : "91553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a \"double fetch\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=120131", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120131" + }, + { + "name": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e" + }, + { + "name": "91553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91553" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353490", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1353490" + }, + { + "name": "20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Jul/20" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6469.json b/2016/6xxx/CVE-2016-6469.json index df0dba84d2a..9217d4ba024 100644 --- a/2016/6xxx/CVE-2016-6469.json +++ b/2016/6xxx/CVE-2016-6469.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Web Security Appliance (WSA)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Web Security Appliance (WSA)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Web Security Appliance (WSA)", + "version": { + "version_data": [ + { + "version_value": "Cisco Web Security Appliance (WSA)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa" - }, - { - "name" : "94775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa" + }, + { + "name": "94775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94775" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6597.json b/2016/6xxx/CVE-2016-6597.json index 74d98355e02..45556b265fa 100644 --- a/2016/6xxx/CVE-2016-6597.json +++ b/2016/6xxx/CVE-2016-6597.json 
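Review bot: The `affects` block of this record cannot be used for automated product matching: `vendor_name` is `n/a` although the assigner is `psirt@cisco.com` and the product is a Cisco appliance, and `version_value` repeats the product name instead of a release. The description already lists the affected releases, so the entries could read `"version_value": "9.0.1-162"` and `"version_value": "9.1.1-074"` with `"vendor_name": "Cisco"`, subject to confirmation by the assigner. Until then, inventory matching for this CVE has to parse the free-text description, which is easy to get wrong.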
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160805 Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539126/100/0/threaded" - }, - { - "name" : "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability", - "refsource" : "MISC", - "url" : "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability" - }, - { - "name" : "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html" - }, - { - "name" 
: "92351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92351" + }, + { + "name": "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability", + "refsource": "MISC", + "url": "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability" + }, + { + "name": "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html" + }, + { + "name": "20160805 Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539126/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6996.json b/2016/6xxx/CVE-2016-6996.json index ce1433902f8..11ec4dec9b3 100644 --- a/2016/6xxx/CVE-2016-6996.json +++ b/2016/6xxx/CVE-2016-6996.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-6996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, 
CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7591.json b/2016/7xxx/CVE-2016-7591.json index eee4644dd36..83c08e8cf1c 100644 --- a/2016/7xxx/CVE-2016-7591.json +++ b/2016/7xxx/CVE-2016-7591.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOHIDFamily\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOHIDFamily\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7602.json b/2016/7xxx/CVE-2016-7602.json index eec4a0e3c2d..11e8875e728 100644 --- a/2016/7xxx/CVE-2016-7602.json +++ b/2016/7xxx/CVE-2016-7602.json 
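Review bot: The `reference_data` array on the new side of CVE-2016-7591 is reordered with no evident sort key (`HT207487`, `HT207422`, `94905`, `1037469`, `HT207423`), while the entries themselves are unchanged. The same shuffle appears in the CVE-2016-7602 and CVE-2016-8610 hunks. Together with the whitespace change, this turns each record into a full-file rewrite with no change in content, so consumers that detect updated records by diffing or hashing the raw file will see all of them as modified. Writing references in a stable order, for example sorted by `refsource` then `name`, would keep later syncs reviewable. The new files also end with `\ No newline at end of file`; a trailing newline is worth restoring.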
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94903" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. 
The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94903" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7725.json b/2016/7xxx/CVE-2016-7725.json index 38b9afb50d6..6fef3086fa7 100644 --- a/2016/7xxx/CVE-2016-7725.json +++ b/2016/7xxx/CVE-2016-7725.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7725", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7725", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
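Review bot: The new side of CVE-2016-7725 serializes its keys in a different order from the other records in this commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas CVE-2016-8047 and the PUBLIC records keep every level alphabetical. CVE-2016-8037 has the same layout. Key order carries no meaning in JSON, so parsers are unaffected, but the two layouts suggest the records went through different serializer settings (inferred from the output only). Anything that hashes or signs the raw file needs one canonical form, so sorting keys on write would make all records agree.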
diff --git a/2016/8xxx/CVE-2016-8037.json b/2016/8xxx/CVE-2016-8037.json index 272fb23c7e3..8d64bab96b3 100644 --- a/2016/8xxx/CVE-2016-8037.json +++ b/2016/8xxx/CVE-2016-8037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8037", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8037", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8047.json b/2016/8xxx/CVE-2016-8047.json index 9633e6d8590..cfadbfebde7 100644 --- a/2016/8xxx/CVE-2016-8047.json +++ b/2016/8xxx/CVE-2016-8047.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8610.json b/2016/8xxx/CVE-2016-8610.json index c44430be98b..d87c47e54da 100644 --- a/2016/8xxx/CVE-2016-8610.json +++ b/2016/8xxx/CVE-2016-8610.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2016-10-24T00:00:00", - "ID" : "CVE-2016-8610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "All 0.9.8" - }, - { - "version_value" : "All 1.0.1" - }, - { - "version_value" : "1.0.2 through 1.0.2h" - }, - { - "version_value" : "1.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2016-10-24T00:00:00", + "ID": "CVE-2016-8610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "All 0.9.8" + }, + { + "version_value": "All 1.0.1" + }, + { + "version_value": "1.0.2 through 1.0.2h" + }, + { + "version_value": "1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2016/q4/224" - }, - { - "name" : "https://security.360.cn/cve/CVE-2016-8610/", - "refsource" : "MISC", - "url" : "https://security.360.cn/cve/CVE-2016-8610/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171130-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171130-0001/" - }, - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/87", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/87" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", - "refsource" : 
"CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" - }, - { - "name" : "DSA-3773", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3773" - }, - { - "name" : "FreeBSD-SA-16:35", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" - }, - { - "name" : "RHSA-2017:0286", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0286.html" - }, - { - "name" : "RHSA-2017:0574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0574.html" - }, - { - "name" : "RHSA-2017:1413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1413" - }, - { - "name" : "RHSA-2017:1414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1414" - }, - { - "name" : "RHSA-2017:1415", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html" - }, - { - "name" : "RHSA-2017:1658", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1658" - }, - { - "name" : "RHSA-2017:1659", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1659.html" - }, - { - "name" : "RHSA-2017:1801", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1801" - }, - { - "name" : "RHSA-2017:1802", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1802" - }, - { - "name" : "RHSA-2017:2493", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2493" - }, - { - "name" : "RHSA-2017:2494", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2494" - }, - { - "name" : "93841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93841" - }, - { - "name" : "1037084", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037084" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93841" + }, + { + "name": "RHSA-2017:1659", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html" + }, + { + "name": "RHSA-2017:1658", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1658" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171130-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171130-0001/" + }, + { + "name": "RHSA-2017:1801", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1801" + }, + { + "name": "RHSA-2017:0286", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html" + }, + { + "name": "RHSA-2017:1413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1413" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87" + }, + { + "name": "RHSA-2017:2494", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2494" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610" + }, + { + "name": "FreeBSD-SA-16:35", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc" + }, + { + "name": "RHSA-2017:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1414" + }, + { + "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2016/q4/224" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" + }, + { + "name": "https://security.360.cn/cve/CVE-2016-8610/", + "refsource": "MISC", + "url": "https://security.360.cn/cve/CVE-2016-8610/" + }, + { + "name": "RHSA-2017:0574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" + }, + { + "name": "DSA-3773", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3773" + }, + { + "name": "RHSA-2017:1415", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" + }, + { + "name": "1037084", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037084" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us" + }, + { + "name": "RHSA-2017:1802", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1802" + }, + { + "name": "RHSA-2017:2493", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2493" + } + ] + } +} \ No newline at end of file