From fee733b2fcdab1d41bc884dbba3e8275b41f3a54 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:50:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0436.json | 220 +++++++++--------- 2006/1xxx/CVE-2006-1282.json | 170 +++++++------- 2006/1xxx/CVE-2006-1322.json | 180 +++++++-------- 2006/1xxx/CVE-2006-1962.json | 190 +++++++-------- 2006/5xxx/CVE-2006-5053.json | 170 +++++++------- 2006/5xxx/CVE-2006-5322.json | 140 +++++------ 2006/5xxx/CVE-2006-5486.json | 170 +++++++------- 2006/5xxx/CVE-2006-5538.json | 130 +++++------ 2007/2xxx/CVE-2007-2415.json | 160 ++++++------- 2007/2xxx/CVE-2007-2650.json | 290 +++++++++++------------ 2010/0xxx/CVE-2010-0007.json | 410 ++++++++++++++++----------------- 2010/0xxx/CVE-2010-0258.json | 160 ++++++------- 2010/0xxx/CVE-2010-0596.json | 160 ++++++------- 2010/0xxx/CVE-2010-0905.json | 120 +++++----- 2010/1xxx/CVE-2010-1075.json | 140 +++++------ 2010/1xxx/CVE-2010-1273.json | 150 ++++++------ 2010/1xxx/CVE-2010-1708.json | 150 ++++++------ 2010/1xxx/CVE-2010-1812.json | 310 ++++++++++++------------- 2010/1xxx/CVE-2010-1959.json | 170 +++++++------- 2010/3xxx/CVE-2010-3874.json | 410 ++++++++++++++++----------------- 2010/4xxx/CVE-2010-4043.json | 180 +++++++-------- 2010/4xxx/CVE-2010-4289.json | 34 +-- 2010/4xxx/CVE-2010-4317.json | 34 +-- 2010/4xxx/CVE-2010-4648.json | 160 ++++++------- 2010/4xxx/CVE-2010-4888.json | 120 +++++----- 2014/0xxx/CVE-2014-0002.json | 180 +++++++-------- 2014/0xxx/CVE-2014-0377.json | 180 +++++++-------- 2014/0xxx/CVE-2014-0473.json | 180 +++++++-------- 2014/10xxx/CVE-2014-10032.json | 140 +++++------ 2014/4xxx/CVE-2014-4561.json | 34 +-- 2014/4xxx/CVE-2014-4851.json | 120 +++++----- 2014/9xxx/CVE-2014-9033.json | 180 +++++++-------- 2014/9xxx/CVE-2014-9167.json | 34 +-- 2014/9xxx/CVE-2014-9383.json | 34 +-- 2014/9xxx/CVE-2014-9636.json | 250 ++++++++++---------- 2014/9xxx/CVE-2014-9853.json | 220 +++++++++--------- 2014/9xxx/CVE-2014-9894.json | 140 +++++------ 2016/3xxx/CVE-2016-3142.json | 240 +++++++++---------- 2016/3xxx/CVE-2016-3228.json | 130 +++++------ 2016/3xxx/CVE-2016-3305.json | 140 +++++------ 2016/3xxx/CVE-2016-3596.json | 170 +++++++------- 2016/3xxx/CVE-2016-3799.json | 120 +++++----- 2016/3xxx/CVE-2016-3972.json | 130 +++++------ 2016/6xxx/CVE-2016-6480.json | 250 ++++++++++---------- 2016/6xxx/CVE-2016-6549.json | 162 ++++++------- 2016/6xxx/CVE-2016-6730.json | 130 +++++------ 2016/7xxx/CVE-2016-7064.json | 34 +-- 2016/7xxx/CVE-2016-7596.json | 140 +++++------ 2016/7xxx/CVE-2016-7629.json | 140 +++++------ 2016/7xxx/CVE-2016-7831.json | 150 ++++++------ 2016/8xxx/CVE-2016-8369.json | 130 +++++------ 2016/8xxx/CVE-2016-8921.json | 202 ++++++++-------- 52 files changed, 4244 insertions(+), 4244 deletions(-) diff --git a/2006/0xxx/CVE-2006-0436.json b/2006/0xxx/CVE-2006-0436.json index 62508d37693..76799c40edf 100644 --- a/2006/0xxx/CVE-2006-0436.json +++ b/2006/0xxx/CVE-2006-0436.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm" - }, - { - "name" : "HPSBUX02091", - "refsource" : "HP", - "url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401" - }, - { - "name" : "SSRT061099", - "refsource" : "HP", - "url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401" - }, - { - "name" : "ADV-2006-0322", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0322" - }, - { - "name" : "oval:org.mitre.oval:def:1453", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1453" - }, - { - "name" : "oval:org.mitre.oval:def:1577", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1577" - }, - { - "name" : "oval:org.mitre.oval:def:1586", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1586" - }, - { - "name" : "1015530", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015530" - }, - { - "name" : "18600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18600" - }, - { - "name" : "18596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18596" - }, - { - "name" : "hpux-unspecified-privilege-escalation(24318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT061099", + "refsource": "HP", + "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401" + }, + { + "name": "18600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18600" + }, + { + "name": "oval:org.mitre.oval:def:1577", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1577" + }, + { + "name": "ADV-2006-0322", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0322" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-025.htm" + }, + { + "name": "hpux-unspecified-privilege-escalation(24318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24318" + }, + { + "name": "18596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18596" + }, + { + "name": "1015530", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015530" + }, + { + "name": "HPSBUX02091", + "refsource": "HP", + "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00591401" + }, + { + "name": "oval:org.mitre.oval:def:1453", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1453" + }, + { + "name": "oval:org.mitre.oval:def:1586", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1586" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1282.json b/2006/1xxx/CVE-2006-1282.json index 09c6d92cc00..f0dd253b363 100644 --- a/2006/1xxx/CVE-2006-1282.json +++ b/2006/1xxx/CVE-2006-1282.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060314 [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427747/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-295.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-295.html" - }, - { - "name" : "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html" - }, - { - "name" : "http://community.mybboard.net/showthread.php?tid=7368", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=7368" - }, - { - "name" : "17097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17097" - }, - { - "name" : "mybb-crlf-header-injection(25267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060314 [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427747/100/0/threaded" + }, + { + "name": "17097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17097" + }, + { + "name": "mybb-crlf-header-injection(25267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267" + }, + { + "name": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=7368", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=7368" + }, + { + "name": "http://kapda.ir/advisory-295.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-295.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1322.json b/2006/1xxx/CVE-2006-1322.json index de77b71284a..57d87c94d95 100644 --- a/2006/1xxx/CVE-2006-1322.json +++ b/2006/1xxx/CVE-2006-1322.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm" - }, - { - "name" : "17137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17137" - }, - { - "name" : "ADV-2006-0975", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0975" - }, - { - "name" : "23949", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23949" - }, - { - "name" : "1015781", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015781" - }, - { - "name" : "19265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19265" - }, - { - "name" : "netware-nwftpd-mdtm-dos(25289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0975", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0975" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973435.htm" + }, + { + "name": "23949", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23949" + }, + { + "name": "1015781", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015781" + }, + { + "name": "17137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17137" + }, + { + "name": "netware-nwftpd-mdtm-dos(25289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25289" + }, + { + "name": "19265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19265" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1962.json b/2006/1xxx/CVE-2006-1962.json index f45e4049a83..771c7eb67b4 100644 --- a/2006/1xxx/CVE-2006-1962.json +++ b/2006/1xxx/CVE-2006-1962.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060419 PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431390/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/pcpin_504_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/pcpin_504_xpl.html" - }, - { - "name" : "20060604 Re: PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436029/100/0/threaded" - }, - { - "name" : "17632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17632" - }, - { - "name" : "ADV-2006-1441", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1441" - }, - { - "name" : "1015968", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015968" - }, - { - "name" : "19708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19708" - }, - { - "name" : "pcpin-chat-main-sql-injection(25961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pcpin-chat-main-sql-injection(25961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25961" + }, + { + "name": "20060604 Re: PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436029/100/0/threaded" + }, + { + "name": "ADV-2006-1441", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1441" + }, + { + "name": "1015968", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015968" + }, + { + "name": "20060419 PCPIN Chat <= 5.0.4 \"login/language\" remote cmmnds xctn", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431390/100/0/threaded" + }, + { + "name": "17632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17632" + }, + { + "name": "http://retrogod.altervista.org/pcpin_504_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/pcpin_504_xpl.html" + }, + { + "name": "19708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19708" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5053.json b/2006/5xxx/CVE-2006-5053.json index 543e479205f..e6770b5e085 100644 --- a/2006/5xxx/CVE-2006-5053.json +++ b/2006/5xxx/CVE-2006-5053.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2419", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2419" - }, - { - "name" : "20166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20166" - }, - { - "name" : "ADV-2006-3763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3763" - }, - { - "name" : "29106", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29106" - }, - { - "name" : "22075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22075" - }, - { - "name" : "web-news-template-file-include(29119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29106", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29106" + }, + { + "name": "2419", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2419" + }, + { + "name": "22075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22075" + }, + { + "name": "ADV-2006-3763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3763" + }, + { + "name": "web-news-template-file-include(29119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29119" + }, + { + "name": "20166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20166" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5322.json b/2006/5xxx/CVE-2006-5322.json index 86a9548a6d4..551a73ba2fa 100644 --- a/2006/5xxx/CVE-2006-5322.json +++ b/2006/5xxx/CVE-2006-5322.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phplist.com/news", - "refsource" : "MISC", - "url" : "http://www.phplist.com/news" - }, - { - "name" : "http://tincan.co.uk/?lid=1821", - "refsource" : "CONFIRM", - "url" : "http://tincan.co.uk/?lid=1821" - }, - { - "name" : "phplist-unspecified-sql-injection(29637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phplist.com/news", + "refsource": "MISC", + "url": "http://www.phplist.com/news" + }, + { + "name": "phplist-unspecified-sql-injection(29637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29637" + }, + { + "name": "http://tincan.co.uk/?lid=1821", + "refsource": "CONFIRM", + "url": "http://tincan.co.uk/?lid=1821" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5486.json b/2006/5xxx/CVE-2006-5486.json index 75c9bfc1b45..57c713eb718 100644 --- a/2006/5xxx/CVE-2006-5486.json +++ b/2006/5xxx/CVE-2006-5486.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102497", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1" - }, - { - "name" : "20708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20708" - }, - { - "name" : "ADV-2006-4183", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4183" - }, - { - "name" : "1017113", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017113" - }, - { - "name" : "22575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22575" - }, - { - "name" : "java-webmail-xss(29806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20708" + }, + { + "name": "1017113", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017113" + }, + { + "name": "102497", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1" + }, + { + "name": "22575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22575" + }, + { + "name": "ADV-2006-4183", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4183" + }, + { + "name": "java-webmail-xss(29806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29806" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5538.json b/2006/5xxx/CVE-2006-5538.json index 84679254dbc..8e33016515c 100644 --- a/2006/5xxx/CVE-2006-5538.json +++ b/2006/5xxx/CVE-2006-5538.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061023 D-Link DSL-G624T several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449486/100/0/threaded" - }, - { - "name" : "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html", + "refsource": "MISC", + "url": "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html" + }, + { + "name": "20061023 D-Link DSL-G624T several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449486/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2415.json b/2007/2xxx/CVE-2007-2415.json index a61fd216f17..5d701dfde0e 100644 --- a/2007/2xxx/CVE-2007-2415.json +++ b/2007/2xxx/CVE-2007-2415.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a \"clean\" exit in which \"the server I/O loop finishes and the process exits normally.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392" - }, - { - "name" : "23713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23713" - }, - { - "name" : "ADV-2007-1579", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1579" - }, - { - "name" : "25009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25009" - }, - { - "name" : "pi3web-http-dos(33967)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a \"clean\" exit in which \"the server I/O loop finishes and the process exits normally.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23713" + }, + { + "name": "pi3web-http-dos(33967)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967" + }, + { + "name": "ADV-2007-1579", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1579" + }, + { + "name": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392" + }, + { + "name": "25009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25009" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2650.json b/2007/2xxx/CVE-2007-2650.json index e8fb3e06717..6ad12646305 100644 --- a/2007/2xxx/CVE-2007-2650.json +++ b/2007/2xxx/CVE-2007-2650.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[clamav-devel] 20070418 Bug in OLE2 file parser", - "refsource" : "MLIST", - "url" : "http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html" - }, - { - "name" : "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853", - "refsource" : "MISC", - "url" : "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853" - }, - { - "name" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-15.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-15.txt" - }, - { - "name" : "DSA-1320", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1320" - }, - { - "name" : "GLSA-200706-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-05.xml" - }, - { - "name" : "MDKSA-2007:115", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:115" - }, - { - "name" : "SUSE-SA:2007:033", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_33_clamav.html" - }, - { - "name" : "2007-0020", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0020/" - }, - { - "name" : "24316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24316" - }, - { - "name" : "ADV-2007-1776", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1776" - }, - { - "name" : "25244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25244" - }, - { - "name" : "25553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25553" - }, - { - "name" : "25523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25523" - }, - { - "name" : "25525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25525" - }, - { - "name" : "25558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25558" - }, - { - "name" : "25688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25688" - }, - { - "name" : "25796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25796" + }, + { + "name": "[clamav-devel] 20070418 Bug in OLE2 file parser", + "refsource": "MLIST", + "url": "http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html" + }, + { + "name": "SUSE-SA:2007:033", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html" + }, + { + "name": "25525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25525" + }, + { + "name": "25553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25553" + }, + { + "name": "ADV-2007-1776", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1776" + }, + { + "name": "25523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25523" + }, + { + "name": "DSA-1320", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1320" + }, + { + "name": "2007-0020", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0020/" + }, + { + "name": "24316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24316" + }, + { + "name": "MDKSA-2007:115", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:115" + }, + { + "name": "25244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25244" + }, + { + "name": "25558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25558" + }, + { + "name": "http://kolab.org/security/kolab-vendor-notice-15.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-15.txt" + }, + { + "name": "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853", + "refsource": "MISC", + "url": "http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853" + }, + { + "name": "25688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25688" + }, + { + "name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", + "refsource": "CONFIRM", + "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" + }, + { + "name": "GLSA-200706-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-05.xml" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0007.json b/2010/0xxx/CVE-2010-0007.json index f2a16ca59ee..af2b697b59a 100644 --- a/2010/0xxx/CVE-2010-0007.json +++ b/2010/0xxx/CVE-2010-0007.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[oss-security] 20100113 CVE Request: kernel ebtables perm check", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/14/1" - }, - { - "name" : "[oss-security] 20100114 Re: CVE Request: kernel ebtables perm check", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/14/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=555238", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=555238" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "DSA-1996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1996" - }, - { - "name" : "DSA-2005", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2005" - }, - { - "name" : "FEDORA-2010-0919", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "RHSA-2010:0146", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0146.html" - }, - { - "name" : "RHSA-2010:0161", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0161.html" - }, - { - "name" : "RHSA-2010:0147", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0147.html" - }, - { - "name" : "SUSE-SA:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" - }, - { - "name" : "SUSE-SA:2010:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" - }, - { - "name" : "SUSE-SA:2010:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html" - }, - { - "name" : "SUSE-SA:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" - }, - { - "name" : "37762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37762" - }, - { - "name" : "oval:org.mitre.oval:def:9630", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9630" - }, - { - "name" : "38133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38133" - }, - { - "name" : "38333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38333" - }, - { - "name" : "38492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38492" - }, - { - "name" : "38296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38296" - }, - { - "name" : "38779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38779" - }, - { - "name" : "39033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39033" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - }, - { - "name" : "ADV-2010-0109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0109" - }, - { - "name" : "kernel-ebtables-security-bypass(55602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0146", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0146.html" + }, + { + "name": "RHSA-2010:0147", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0147.html" + }, + { + "name": "SUSE-SA:2010:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html" + }, + { + "name": "[oss-security] 20100114 Re: CVE Request: kernel ebtables perm check", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/14/3" + }, + { + "name": "38779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38779" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab" + }, + { + "name": "38296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38296" + }, + { + "name": "SUSE-SA:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + }, + { + "name": "SUSE-SA:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" + }, + { + "name": "37762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37762" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "FEDORA-2010-0919", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html" + }, + { + "name": "DSA-1996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1996" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4" + }, + { + "name": "38133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38133" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "[oss-security] 20100113 CVE Request: kernel ebtables perm check", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/14/1" + }, + { + "name": "ADV-2010-0109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0109" + }, + { + "name": "39033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39033" + }, + { + "name": "SUSE-SA:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html" + }, + { + "name": "38333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38333" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "oval:org.mitre.oval:def:9630", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9630" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=555238", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555238" + }, + { + "name": "DSA-2005", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2005" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "SUSE-SA:2010:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" + }, + { + "name": "kernel-ebtables-security-bypass(55602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55602" + }, + { + "name": "38492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38492" + }, + { + "name": "RHSA-2010:0161", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0161.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0258.json b/2010/0xxx/CVE-2010-0258.json index 276e29dbb8c..510b86e4bfb 100644 --- a/2010/0xxx/CVE-2010-0258.json +++ b/2010/0xxx/CVE-2010-0258.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859" - }, - { - "name" : "MS10-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017" - }, - { - "name" : "TA10-068A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8545", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545" - }, - { - "name" : "1023698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100309 Microsoft Excel Sheet Object Type Confusion Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859" + }, + { + "name": "oval:org.mitre.oval:def:8545", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545" + }, + { + "name": "MS10-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017" + }, + { + "name": "TA10-068A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" + }, + { + "name": "1023698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023698" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0596.json b/2010/0xxx/CVE-2010-0596.json index 84d0f412b4b..b58baeb30b7 100644 --- a/2010/0xxx/CVE-2010-0596.json +++ b/2010/0xxx/CVE-2010-0596.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf" - }, - { - "name" : "20100526 Multiple Vulnerabilities in Cisco Network Building Mediator", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml" - }, - { - "name" : "VU#757804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/757804" - }, - { - "name" : "1024027", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024027" - }, - { - "name" : "39904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024027", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024027" + }, + { + "name": "20100526 Multiple Vulnerabilities in Cisco Network Building Mediator", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf" + }, + { + "name": "VU#757804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/757804" + }, + { + "name": "39904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39904" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0905.json b/2010/0xxx/CVE-2010-0905.json index 6f46dad9a2e..00e53c23402 100644 --- a/2010/0xxx/CVE-2010-0905.json +++ b/2010/0xxx/CVE-2010-0905.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1075.json b/2010/1xxx/CVE-2010-1075.json index fbffbeab905..45b03bacc8e 100644 --- a/2010/1xxx/CVE-2010-1075.json +++ b/2010/1xxx/CVE-2010-1075.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt" - }, - { - "name" : "62513", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62513" - }, - { - "name" : "38688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/elcms-sql.txt" + }, + { + "name": "62513", + "refsource": "OSVDB", + "url": "http://osvdb.org/62513" + }, + { + "name": "38688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38688" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1273.json b/2010/1xxx/CVE-2010-1273.json index 932fb0fc5a9..a56f3c003b3 100644 --- a/2010/1xxx/CVE-2010-1273.json +++ b/2010/1xxx/CVE-2010-1273.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html", - "refsource" : "CONFIRM", - "url" : "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html" - }, - { - "name" : "38541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38541" - }, - { - "name" : "62717", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62717" - }, - { - "name" : "38759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html", + "refsource": "CONFIRM", + "url": "http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html" + }, + { + "name": "62717", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62717" + }, + { + "name": "38759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38759" + }, + { + "name": "38541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38541" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1708.json b/2010/1xxx/CVE-2010-1708.json index bb8fa6cdcc2..340d93c9a43 100644 --- a/2010/1xxx/CVE-2010-1708.json +++ b/2010/1xxx/CVE-2010-1708.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt" - }, - { - "name" : "12411", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12411" - }, - { - "name" : "39712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39712" - }, - { - "name" : "freerealty-agentadmin-sql-injection(58193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12411", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12411" + }, + { + "name": "39712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39712" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt" + }, + { + "name": "freerealty-agentadmin-sql-injection(58193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58193" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1812.json b/2010/1xxx/CVE-2010-1812.json index ce6f7b071f1..85535017e5b 100644 --- a/2010/1xxx/CVE-2010-1812.json +++ b/2010/1xxx/CVE-2010-1812.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4334", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4334" - }, - { - "name" : "http://support.apple.com/kb/HT4455", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4455" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-09-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "43079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43079" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - }, - { - "name" : "appleios-selections-code-exec(61699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "APPLE-SA-2010-09-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4334", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4334" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "http://support.apple.com/kb/HT4455", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4455" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "43079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43079" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "appleios-selections-code-exec(61699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "APPLE-SA-2010-11-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1959.json b/2010/1xxx/CVE-2010-1959.json index 686868307cf..ba7e3fb238a 100644 --- a/2010/1xxx/CVE-2010-1959.json +++ b/2010/1xxx/CVE-2010-1959.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02315", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684" - }, - { - "name" : "SSRT071487", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684" - }, - { - "name" : "40371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40371" - }, - { - "name" : "64917", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64917" - }, - { - "name" : "1024025", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024025" - }, - { - "name" : "39943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN02315", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684" + }, + { + "name": "39943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39943" + }, + { + "name": "SSRT071487", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01373684" + }, + { + "name": "1024025", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024025" + }, + { + "name": "64917", + "refsource": "OSVDB", + "url": "http://osvdb.org/64917" + }, + { + "name": "40371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40371" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3874.json b/2010/3xxx/CVE-2010-3874.json index 9ba2744aea6..252be753833 100644 --- a/2010/3xxx/CVE-2010-3874.json +++ b/2010/3xxx/CVE-2010-3874.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/netdev/msg145791.html" - }, - { - "name" : "[netdev] 20101110 can-bcm: fix minor heap overflow", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/netdev/msg146469.html" - }, - { - "name" : "[oss-security] 20101103 CVE request: kernel: CAN information leak", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/03/3" - }, - { - "name" : "[oss-security] 20101104 Re: CVE request: kernel: CAN information leak", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/04/4" - }, - { - "name" : "[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/20/2" - }, - { - "name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/20/3" - }, - { - "name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/20/4" - }, - { - "name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/21/1" - }, - { - "name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/20/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=649695", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=649695" - }, - { - "name" : "DSA-2126", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2126" - }, - { - "name" : "FEDORA-2010-18983", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "RHSA-2010:0958", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html" - }, - { - "name" : "RHSA-2011:0007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" - }, - { - "name" : "SUSE-SA:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" - }, - { - "name" : "SUSE-SA:2011:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" - }, - { - "name" : "SUSE-SA:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" - }, - { - "name" : "42745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42745" - }, - { - "name" : "42778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42778" - }, - { - "name" : "42801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42801" - }, - { - "name" : "42932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42932" - }, - { - "name" : "42890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42890" - }, - { - "name" : "ADV-2010-3321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3321" - }, - { - "name" : "ADV-2011-0012", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0012" - }, - { - "name" : "ADV-2011-0124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0124" - }, - { - "name" : "ADV-2011-0298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html" + }, + { + "name": "42778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42778" + }, + { + "name": "[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/20/2" + }, + { + "name": "42801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42801" + }, + { + "name": "SUSE-SA:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" + }, + { + "name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/20/4" + }, + { + "name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/20/3" + }, + { + "name": "FEDORA-2010-18983", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html" + }, + { + "name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/21/1" + }, + { + "name": "SUSE-SA:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" + }, + { + "name": "42932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42932" + }, + { + "name": "[oss-security] 20101104 Re: CVE request: kernel: CAN information leak", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/04/4" + }, + { + "name": "RHSA-2011:0007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" + }, + { + "name": "ADV-2011-0124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0124" + }, + { + "name": "SUSE-SA:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" + }, + { + "name": "ADV-2010-3321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3321" + }, + { + "name": "[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/netdev/msg145791.html" + }, + { + "name": "ADV-2011-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0298" + }, + { + "name": "RHSA-2010:0958", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=649695", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649695" + }, + { + "name": "42890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42890" + }, + { + "name": "ADV-2011-0012", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0012" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "42745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42745" + }, + { + "name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/20/5" + }, + { + "name": "[oss-security] 20101103 CVE request: kernel: CAN information leak", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/03/3" + }, + { + "name": "[netdev] 20101110 can-bcm: fix minor heap overflow", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/netdev/msg146469.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84" + }, + { + "name": "DSA-2126", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2126" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4043.json b/2010/4xxx/CVE-2010-4043.json index 34f67f1bda5..e15c32dd3c4 100644 --- a/2010/4xxx/CVE-2010-4043.json +++ b/2010/4xxx/CVE-2010-4043.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1063/" - }, - { - "name" : "http://www.opera.com/support/kb/view/971/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/971/" - }, - { - "name" : "oval:org.mitre.oval:def:12208", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12208" - }, - { - "name" : "1024570", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024570" - }, - { - "name" : "41740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024570", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024570" + }, + { + "name": "oval:org.mitre.oval:def:12208", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12208" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1063/" + }, + { + "name": "http://www.opera.com/support/kb/view/971/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/971/" + }, + { + "name": "41740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41740" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1063/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1063/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4289.json b/2010/4xxx/CVE-2010-4289.json index 4bb3c442e1c..54a292436cf 100644 --- a/2010/4xxx/CVE-2010-4289.json +++ b/2010/4xxx/CVE-2010-4289.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4289", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4289", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4317.json b/2010/4xxx/CVE-2010-4317.json index 70d663ab1e7..de186f7e390 100644 --- a/2010/4xxx/CVE-2010-4317.json +++ b/2010/4xxx/CVE-2010-4317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4648.json b/2010/4xxx/CVE-2010-4648.json index 9913604f9ea..d6f00276810 100644 --- a/2010/4xxx/CVE-2010-4648.json +++ b/2010/4xxx/CVE-2010-4648.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/06/18" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667907", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667907" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/06/18" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667907", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667907" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48" + }, + { + "name": "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4888.json b/2010/4xxx/CVE-2010-4888.json index 3c00bcf65c3..0122763c7a6 100644 --- a/2010/4xxx/CVE-2010-4888.json +++ b/2010/4xxx/CVE-2010-4888.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0002.json b/2014/0xxx/CVE-2014-0002.json index 3fd10838fe6..8c3c584f6d1 100644 --- a/2014/0xxx/CVE-2014-0002.json +++ b/2014/0xxx/CVE-2014-0002.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc" - }, - { - "name" : "RHSA-2014:0371", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0371.html" - }, - { - "name" : "RHSA-2014:0372", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0372.html" - }, - { - "name" : "65901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65901" - }, - { - "name" : "57125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57125" - }, - { - "name" : "57716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57716" - }, - { - "name" : "57719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57125" + }, + { + "name": "RHSA-2014:0371", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html" + }, + { + "name": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc", + "refsource": "CONFIRM", + "url": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc" + }, + { + "name": "57719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57719" + }, + { + "name": "65901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65901" + }, + { + "name": "57716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57716" + }, + { + "name": "RHSA-2014:0372", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0377.json b/2014/0xxx/CVE-2014-0377.json index 44492c062bb..6a7eca19dec 100644 --- a/2014/0xxx/CVE-2014-0377.json +++ b/2014/0xxx/CVE-2014-0377.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "SUSE-SU-2014:0130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64824" - }, - { - "name" : "102081", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102081" - }, - { - "name" : "1029607", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029607" - }, - { - "name" : "56452", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102081", + "refsource": "OSVDB", + "url": "http://osvdb.org/102081" + }, + { + "name": "1029607", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029607" + }, + { + "name": "64824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64824" + }, + { + "name": "56452", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56452" + }, + { + "name": "SUSE-SU-2014:0130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0473.json b/2014/0xxx/CVE-2014-0473.json index 8ec10da518c..1ecfe7efe8e 100644 --- a/2014/0xxx/CVE-2014-0473.json +++ b/2014/0xxx/CVE-2014-0473.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2014/apr/21/security/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2014/apr/21/security/" - }, - { - "name" : "DSA-2934", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2934" - }, - { - "name" : "RHSA-2014:0456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0456.html" - }, - { - "name" : "RHSA-2014:0457", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0457.html" - }, - { - "name" : "openSUSE-SU-2014:1132", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html" - }, - { - "name" : "USN-2169-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2169-1" - }, - { - "name" : "61281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2169-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2169-1" + }, + { + "name": "https://www.djangoproject.com/weblog/2014/apr/21/security/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2014/apr/21/security/" + }, + { + "name": "RHSA-2014:0457", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0457.html" + }, + { + "name": "61281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61281" + }, + { + "name": "DSA-2934", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2934" + }, + { + "name": "openSUSE-SU-2014:1132", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html" + }, + { + "name": "RHSA-2014:0456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0456.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10032.json b/2014/10xxx/CVE-2014-10032.json index 176d912eb53..0ab3f6a73df 100644 --- a/2014/10xxx/CVE-2014-10032.json +++ b/2014/10xxx/CVE-2014-10032.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30689", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30689" - }, - { - "name" : "102207", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/102207" - }, - { - "name" : "taboadamacronews-newspopup-sql-injection(90459)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "taboadamacronews-newspopup-sql-injection(90459)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90459" + }, + { + "name": "30689", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30689" + }, + { + "name": "102207", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/102207" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4561.json b/2014/4xxx/CVE-2014-4561.json index afe404631ae..39edb0651e3 100644 --- a/2014/4xxx/CVE-2014-4561.json +++ b/2014/4xxx/CVE-2014-4561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4561", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4561", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4851.json b/2014/4xxx/CVE-2014-4851.json index 8ce846ea18b..6cffd601edd 100644 --- a/2014/4xxx/CVE-2014-4851.json +++ b/2014/4xxx/CVE-2014-4851.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127358/FoeCMS-XSS-SQL-Injection-Open-Redirect.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9033.json b/2014/9xxx/CVE-2014-9033.json index 2c76bea8c68..bbe36617dfe 100644 --- a/2014/9xxx/CVE-2014-9033.json +++ b/2014/9xxx/CVE-2014-9033.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/25/12" - }, - { - "name" : "http://core.trac.wordpress.org/changeset/30418", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/changeset/30418" - }, - { - "name" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0493.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0493.html" - }, - { - "name" : "DSA-3085", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3085" - }, - { - "name" : "MDVSA-2014:233", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" - }, - { - "name" : "1031243", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3085", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3085" + }, + { + "name": "http://core.trac.wordpress.org/changeset/30418", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/changeset/30418" + }, + { + "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/25/12" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0493.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0493.html" + }, + { + "name": "1031243", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031243" + }, + { + "name": "MDVSA-2014:233", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" + }, + { + "name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9167.json b/2014/9xxx/CVE-2014-9167.json index c1d5bd01976..e6cbc377a92 100644 --- a/2014/9xxx/CVE-2014-9167.json +++ b/2014/9xxx/CVE-2014-9167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9167", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9167", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9383.json b/2014/9xxx/CVE-2014-9383.json index 8da4375f216..94d8959e366 100644 --- a/2014/9xxx/CVE-2014-9383.json +++ b/2014/9xxx/CVE-2014-9383.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9383", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9383", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9636.json b/2014/9xxx/CVE-2014-9636.json index edecc59fd93..cdad495fa25 100644 --- a/2014/9xxx/CVE-2014-9636.json +++ b/2014/9xxx/CVE-2014-9636.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141102 unzip -t crasher", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/489" - }, - { - "name" : "[oss-security] 20141103 Re: unzip -t crasher", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/496" - }, - { - "name" : "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/216" - }, - { - "name" : "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/1131" - }, - { - "name" : "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450", - "refsource" : "CONFIRM", - "url" : "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3152", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3152" - }, - { - "name" : "FEDORA-2015-1189", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html" - }, - { - "name" : "FEDORA-2015-1267", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html" - }, - { - "name" : "GLSA-201611-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-01" - }, - { - "name" : "USN-2489-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2489-1" - }, - { - "name" : "71825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71825" - }, - { - "name" : "62738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62738" - }, - { - "name" : "62751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/1131" + }, + { + "name": "62738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62738" + }, + { + "name": "GLSA-201611-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-01" + }, + { + "name": "FEDORA-2015-1267", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html" + }, + { + "name": "62751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62751" + }, + { + "name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/216" + }, + { + "name": "71825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71825" + }, + { + "name": "USN-2489-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2489-1" + }, + { + "name": "DSA-3152", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3152" + }, + { + "name": "[oss-security] 20141102 unzip -t crasher", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/489" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "FEDORA-2015-1189", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html" + }, + { + "name": "[oss-security] 20141103 Re: unzip -t crasher", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/496" + }, + { + "name": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450", + "refsource": "CONFIRM", + "url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9853.json b/2014/9xxx/CVE-2014-9853.json index c4568c1a5f4..80434a81d3f 100644 --- a/2014/9xxx/CVE-2014-9853.json +++ b/2014/9xxx/CVE-2014-9853.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343513", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343513" - }, - { - "name" : "SUSE-SU-2016:1782", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:1783", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:1784", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2016:1724", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:1833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:2073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" - }, - { - "name" : "openSUSE-SU-2016:3060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" - }, - { - "name" : "USN-3131-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3131-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:2073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html" + }, + { + "name": "openSUSE-SU-2016:1833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" + }, + { + "name": "openSUSE-SU-2016:3060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:1724", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html" + }, + { + "name": "SUSE-SU-2016:1782", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "openSUSE-SU-2016:1748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" + }, + { + "name": "SUSE-SU-2016:1784", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" + }, + { + "name": "SUSE-SU-2016:1783", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513" + }, + { + "name": "USN-3131-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3131-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9894.json b/2014/9xxx/CVE-2014-9894.json index 03e54137f79..2d2c79b5aeb 100644 --- a/2014/9xxx/CVE-2014-9894.json +++ b/2014/9xxx/CVE-2014-9894.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f" - }, - { - "name" : "92222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f" + }, + { + "name": "92222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92222" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3142.json b/2016/3xxx/CVE-2016-3142.json index 4c5752c0fc4..4352d873b7e 100644 --- a/2016/3xxx/CVE-2016-3142.json +++ b/2016/3xxx/CVE-2016-3142.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-3142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=71498", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=71498" - }, - { - "name" : "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd", - "refsource" : "CONFIRM", - "url" : "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd" - }, - { - "name" : "https://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "https://php.net/ChangeLog-5.php" - }, - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "SUSE-SU-2016:1145", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:1166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html" - }, - { - "name" : "openSUSE-SU-2016:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html" - }, - { - "name" : "openSUSE-SU-2016:1173", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html" - }, - { - "name" : "USN-2952-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-1" - }, - { - "name" : "USN-2952-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-2" - }, - { - "name" : "1035255", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2952-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-1" + }, + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "openSUSE-SU-2016:1173", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "SUSE-SU-2016:1166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html" + }, + { + "name": "USN-2952-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-2" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "1035255", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035255" + }, + { + "name": "https://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "https://php.net/ChangeLog-5.php" + }, + { + "name": "openSUSE-SU-2016:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html" + }, + { + "name": "SUSE-SU-2016:1145", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html" + }, + { + "name": "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd", + "refsource": "CONFIRM", + "url": "https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd" + }, + { + "name": "https://bugs.php.net/bug.php?id=71498", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=71498" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3228.json b/2016/3xxx/CVE-2016-3228.json index 795e5f71395..229c68e1459 100644 --- a/2016/3xxx/CVE-2016-3228.json +++ b/2016/3xxx/CVE-2016-3228.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka \"Windows Netlogon Memory Corruption Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-076", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-076" - }, - { - "name" : "1036103", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka \"Windows Netlogon Memory Corruption Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036103", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036103" + }, + { + "name": "MS16-076", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-076" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3305.json b/2016/3xxx/CVE-2016-3305.json index 956989ed237..bf4778e5a3e 100644 --- a/2016/3xxx/CVE-2016-3305.json +++ b/2016/3xxx/CVE-2016-3305.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka \"Windows Session Object Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3306." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-111", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" - }, - { - "name" : "92812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92812" - }, - { - "name" : "1036802", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka \"Windows Session Object Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3306." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-111", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" + }, + { + "name": "1036802", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036802" + }, + { + "name": "92812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92812" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3596.json b/2016/3xxx/CVE-2016-3596.json index 4061a7236fb..532e8a2b451 100644 --- a/2016/3xxx/CVE-2016-3596.json +++ b/2016/3xxx/CVE-2016-3596.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91942" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91942" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3799.json b/2016/3xxx/CVE-2016-3799.json index 1aa1ae69460..79d4e3e9b3e 100644 --- a/2016/3xxx/CVE-2016-3799.json +++ b/2016/3xxx/CVE-2016-3799.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3972.json b/2016/3xxx/CVE-2016-3972.json index a664f244d3a..77cfcd2d046 100644 --- a/2016/3xxx/CVE-2016-3972.json +++ b/2016/3xxx/CVE-2016-3972.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160408 [CVE-2016-3972]DotCMS Directory traversal vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Apr/36" - }, - { - "name" : "http://dotcms.com/security/SI-34", - "refsource" : "CONFIRM", - "url" : "http://dotcms.com/security/SI-34" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dotcms.com/security/SI-34", + "refsource": "CONFIRM", + "url": "http://dotcms.com/security/SI-34" + }, + { + "name": "20160408 [CVE-2016-3972]DotCMS Directory traversal vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Apr/36" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6480.json b/2016/6xxx/CVE-2016-6480.json index 79aa87368ac..d9b170c1fcd 100644 --- a/2016/6xxx/CVE-2016-6480.json +++ b/2016/6xxx/CVE-2016-6480.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539074/30/0/threaded" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1362466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1362466" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "RHSA-2016:2584", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html" - }, - { - "name" : "RHSA-2017:0817", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0817.html" - }, - { - "name" : "SUSE-SU-2016:2230", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html" - }, - { - "name" : "SUSE-SU-2016:2174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html" - }, - { - "name" : "SUSE-SU-2016:2175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html" - }, - { - "name" : "SUSE-SU-2016:2177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html" - }, - { - "name" : "SUSE-SU-2016:2178", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html" - }, - { - "name" : "SUSE-SU-2016:2179", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:2180", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html" - }, - { - "name" : "SUSE-SU-2016:2181", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html" - }, - { - "name" : "92214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466" + }, + { + "name": "20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539074/30/0/threaded" + }, + { + "name": "SUSE-SU-2016:2180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html" + }, + { + "name": "92214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92214" + }, + { + "name": "SUSE-SU-2016:2174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html" + }, + { + "name": "SUSE-SU-2016:2230", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html" + }, + { + "name": "RHSA-2016:2584", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "RHSA-2017:0817", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" + }, + { + "name": "SUSE-SU-2016:2181", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html" + }, + { + "name": "SUSE-SU-2016:2178", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html" + }, + { + "name": "SUSE-SU-2016:2175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html" + }, + { + "name": "SUSE-SU-2016:2177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html" + }, + { + "name": "SUSE-SU-2016:2179", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6549.json b/2016/6xxx/CVE-2016-6549.json index 2e6b6a0e16e..809bff5b566 100644 --- a/2016/6xxx/CVE-2016-6549.json +++ b/2016/6xxx/CVE-2016-6549.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6549", - "STATE" : "PUBLIC", - "TITLE" : "Zizai Tech Nut allows for unauthenticated Bluetooth pairing" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tech Nut", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "Zizai Technology" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306: Missing Authentication for Critical Function" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6549", + "STATE": "PUBLIC", + "TITLE": "Zizai Tech Nut allows for unauthenticated Bluetooth pairing" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tech Nut", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "Zizai Technology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" - }, - { - "name" : "VU#402847", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/402847" - }, - { - "name" : "93877", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/93877" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93877", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93877" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + }, + { + "name": "VU#402847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/402847" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6730.json b/2016/6xxx/CVE-2016-6730.json index b4998066f47..e051af25a6e 100644 --- a/2016/6xxx/CVE-2016-6730.json +++ b/2016/6xxx/CVE-2016-6730.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94140" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7064.json b/2016/7xxx/CVE-2016-7064.json index 91bcd983745..2c6c1afb219 100644 --- a/2016/7xxx/CVE-2016-7064.json +++ b/2016/7xxx/CVE-2016-7064.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7064", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7064", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7596.json b/2016/7xxx/CVE-2016-7596.json index 6be201a60b1..9b59f5dafa8 100644 --- a/2016/7xxx/CVE-2016-7596.json +++ b/2016/7xxx/CVE-2016-7596.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94903" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94903" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7629.json b/2016/7xxx/CVE-2016-7629.json index 05e580ba27a..738d340282a 100644 --- a/2016/7xxx/CVE-2016-7629.json +++ b/2016/7xxx/CVE-2016-7629.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94903" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94903" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7831.json b/2016/7xxx/CVE-2016-7831.json index f14906710a8..1e6ff5345a0 100644 --- a/2016/7xxx/CVE-2016-7831.json +++ b/2016/7xxx/CVE-2016-7831.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sleipnir 4 Black Edition for Mac", - "version" : { - "version_data" : [ - { - "version_value" : "4.5.3 and earlier" - } - ] - } - }, - { - "product_name" : "Sleipnir 4 for Mac", - "version" : { - "version_data" : [ - { - "version_value" : "4.5.3 and earlier (Mac App Store)" - } - ] - } - } - ] - }, - "vendor_name" : "Fenrir Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "User Interface (UI) Misrepresentation of Information" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sleipnir 4 Black Edition for Mac", + "version": { + "version_data": [ + { + "version_value": "4.5.3 and earlier" + } + ] + } + }, + { + "product_name": "Sleipnir 4 for Mac", + "version": { + "version_data": [ + { + "version_value": "4.5.3 and earlier (Mac App Store)" + } + ] + } + } + ] + }, + "vendor_name": "Fenrir Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#28151745", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN28151745/index.html" - }, - { - "name" : "94830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface (UI) Misrepresentation of Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94830" + }, + { + "name": "JVN#28151745", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN28151745/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8369.json b/2016/8xxx/CVE-2016-8369.json index 0e2542a28d4..4175063bc2c 100644 --- a/2016/8xxx/CVE-2016-8369.json +++ b/2016/8xxx/CVE-2016-8369.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older", - "version" : { - "version_data" : [ - { - "version_value" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Lynxspring JENEsys BAS Bridge csrf" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lynxspring JENEsys BAS Bridge 1.1.8 and older", + "version": { + "version_data": [ + { + "version_value": "Lynxspring JENEsys BAS Bridge 1.1.8 and older" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01" - }, - { - "name" : "94344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lynxspring JENEsys BAS Bridge csrf" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94344" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8921.json b/2016/8xxx/CVE-2016-8921.json index de49ecc9f68..81901b56713 100644 --- a/2016/8xxx/CVE-2016-8921.json +++ b/2016/8xxx/CVE-2016-8921.json @@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FileNet Content Manager", - "version" : { - "version_data" : [ - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.5.0" - }, - { - "version_value" : "4.5.1" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.1" - }, - { - "version_value" : "5.2.0" - }, - { - "version_value" : "5.2.0.1" - }, - { - "version_value" : "5.1.0" - }, - { - "version_value" : "5.2" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "1.1.5" - }, - { - "version_value" : "5.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FileNet Content Manager", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.5.0" + }, + { + "version_value": "4.5.1" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.1" + }, + { + "version_value": "5.2.0" + }, + { + "version_value": "5.2.0.1" + }, + { + "version_value": "5.1.0" + }, + { + "version_value": "5.2" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "1.1.5" + }, + { + "version_value": "5.2.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21994018", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21994018" - }, - { - "name" : "94582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21994018", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21994018" + }, + { + "name": "94582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94582" + } + ] + } +} \ No newline at end of file