From 012e5190b22e8e5d3bb7398ac0802c02acdafa25 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:16:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0090.json | 150 ++++++++-------- 2006/0xxx/CVE-2006-0670.json | 240 ++++++++++++------------- 2006/0xxx/CVE-2006-0872.json | 200 ++++++++++----------- 2006/1xxx/CVE-2006-1033.json | 170 +++++++++--------- 2006/1xxx/CVE-2006-1202.json | 180 +++++++++---------- 2006/3xxx/CVE-2006-3216.json | 190 ++++++++++---------- 2006/3xxx/CVE-2006-3428.json | 180 +++++++++---------- 2006/3xxx/CVE-2006-3820.json | 170 +++++++++--------- 2006/4xxx/CVE-2006-4155.json | 140 +++++++-------- 2006/4xxx/CVE-2006-4597.json | 160 ++++++++--------- 2006/4xxx/CVE-2006-4662.json | 190 ++++++++++---------- 2010/2xxx/CVE-2010-2349.json | 130 +++++++------- 2010/2xxx/CVE-2010-2564.json | 140 +++++++-------- 2010/2xxx/CVE-2010-2617.json | 140 +++++++-------- 2010/2xxx/CVE-2010-2805.json | 340 +++++++++++++++++------------------ 2010/3xxx/CVE-2010-3050.json | 120 ++++++------- 2010/4xxx/CVE-2010-4222.json | 34 ++-- 2010/4xxx/CVE-2010-4496.json | 190 ++++++++++---------- 2011/1xxx/CVE-2011-1099.json | 190 ++++++++++---------- 2011/1xxx/CVE-2011-1361.json | 34 ++-- 2011/1xxx/CVE-2011-1516.json | 130 +++++++------- 2011/5xxx/CVE-2011-5190.json | 160 ++++++++--------- 2014/3xxx/CVE-2014-3085.json | 150 ++++++++-------- 2014/3xxx/CVE-2014-3130.json | 160 ++++++++--------- 2014/3xxx/CVE-2014-3870.json | 130 +++++++------- 2014/7xxx/CVE-2014-7517.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7570.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7574.json | 34 ++-- 2014/7xxx/CVE-2014-7640.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7783.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7984.json | 120 ++++++------- 2014/8xxx/CVE-2014-8073.json | 140 +++++++-------- 2014/8xxx/CVE-2014-8087.json | 140 +++++++-------- 2014/8xxx/CVE-2014-8125.json | 160 ++++++++--------- 2014/8xxx/CVE-2014-8905.json | 34 ++-- 2014/9xxx/CVE-2014-9161.json | 160 ++++++++--------- 2014/9xxx/CVE-2014-9380.json | 160 ++++++++--------- 2014/9xxx/CVE-2014-9547.json | 34 ++-- 2016/2xxx/CVE-2016-2019.json | 140 +++++++-------- 2016/2xxx/CVE-2016-2069.json | 330 +++++++++++++++++----------------- 2016/2xxx/CVE-2016-2724.json | 34 ++-- 2016/2xxx/CVE-2016-2735.json | 34 ++-- 2016/2xxx/CVE-2016-2772.json | 34 ++-- 2016/6xxx/CVE-2016-6015.json | 34 ++-- 2016/6xxx/CVE-2016-6244.json | 130 +++++++------- 2016/6xxx/CVE-2016-6529.json | 34 ++-- 2016/6xxx/CVE-2016-6850.json | 130 +++++++------- 2016/7xxx/CVE-2016-7487.json | 34 ++-- 2017/5xxx/CVE-2017-5344.json | 160 ++++++++--------- 2017/5xxx/CVE-2017-5816.json | 162 ++++++++--------- 50 files changed, 3408 insertions(+), 3408 deletions(-) diff --git a/2006/0xxx/CVE-2006-0090.json b/2006/0xxx/CVE-2006-0090.json index 7a8a7ffb5d1..5fe19752367 100644 --- a/2006/0xxx/CVE-2006-0090.json +++ b/2006/0xxx/CVE-2006-0090.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499" - }, - { - "name" : "16137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16137" - }, - { - "name" : "ADV-2006-0031", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0031" - }, - { - "name" : "18298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0031", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0031" + }, + { + "name": "18298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18298" + }, + { + "name": "16137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16137" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0670.json b/2006/0xxx/CVE-2006-0670.json index 70be05eb18b..489b46d9be3 100644 --- a/2006/0xxx/CVE-2006-0670.json +++ b/2006/0xxx/CVE-2006-0670.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on hcidump 1.29 + PoC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424133/100/0/threaded" - }, - { - "name" : "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on hcidump", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113924625825488&w=2" - }, - { - "name" : "http://www.secuobs.com/news/05022006-bluetooth9.shtml#english", - "refsource" : "MISC", - "url" : "http://www.secuobs.com/news/05022006-bluetooth9.shtml#english" - }, - { - "name" : "DSA-990", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-990" - }, - { - "name" : "MDKSA-2006:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:041" - }, - { - "name" : "USN-256-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-256-1" - }, - { - "name" : "ADV-2006-0479", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0479" - }, - { - "name" : "23056", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23056" - }, - { - "name" : "18741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18741" - }, - { - "name" : "18971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18971" - }, - { - "name" : "19122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19122" - }, - { - "name" : "465", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/465" - }, - { - "name" : "hcidump-bluetooth-dos(24533)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on hcidump", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113924625825488&w=2" + }, + { + "name": "MDKSA-2006:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:041" + }, + { + "name": "23056", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23056" + }, + { + "name": "18971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18971" + }, + { + "name": "ADV-2006-0479", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0479" + }, + { + "name": "DSA-990", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-990" + }, + { + "name": "18741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18741" + }, + { + "name": "20060206 [ Secuobs - Advisory ] Bluetooth : DoS on hcidump 1.29 + PoC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424133/100/0/threaded" + }, + { + "name": "USN-256-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-256-1" + }, + { + "name": "hcidump-bluetooth-dos(24533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24533" + }, + { + "name": "465", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/465" + }, + { + "name": "http://www.secuobs.com/news/05022006-bluetooth9.shtml#english", + "refsource": "MISC", + "url": "http://www.secuobs.com/news/05022006-bluetooth9.shtml#english" + }, + { + "name": "19122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19122" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0872.json b/2006/0xxx/CVE-2006-0872.json index a4dc968be1b..36d740d0126 100644 --- a/2006/0xxx/CVE-2006-0872.json +++ b/2006/0xxx/CVE-2006-0872.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060218 Coppermine Photo Gallery <=1.4.3 remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425387" - }, - { - "name" : "http://retrogod.altervista.org/cpg_143_adv.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/cpg_143_adv.html" - }, - { - "name" : "http://retrogod.altervista.org/cpg_143_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/cpg_143_incl_xpl.html" - }, - { - "name" : "http://coppermine-gallery.net/forum/index.php?topic=28062.0", - "refsource" : "CONFIRM", - "url" : "http://coppermine-gallery.net/forum/index.php?topic=28062.0" - }, - { - "name" : "16718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16718" - }, - { - "name" : "ADV-2006-0669", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0669" - }, - { - "name" : "1015646", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015646" - }, - { - "name" : "18941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18941" - }, - { - "name" : "coppermine-init-file-include(24814)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0669", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0669" + }, + { + "name": "http://retrogod.altervista.org/cpg_143_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/cpg_143_incl_xpl.html" + }, + { + "name": "16718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16718" + }, + { + "name": "20060218 Coppermine Photo Gallery <=1.4.3 remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425387" + }, + { + "name": "18941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18941" + }, + { + "name": "http://retrogod.altervista.org/cpg_143_adv.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/cpg_143_adv.html" + }, + { + "name": "http://coppermine-gallery.net/forum/index.php?topic=28062.0", + "refsource": "CONFIRM", + "url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0" + }, + { + "name": "coppermine-init-file-include(24814)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24814" + }, + { + "name": "1015646", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015646" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1033.json b/2006/1xxx/CVE-2006-1033.json index 343e9740fb0..0f6a4cb7b45 100644 --- a/2006/1xxx/CVE-2006-1033.json +++ b/2006/1xxx/CVE-2006-1033.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html" - }, - { - "name" : "16784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16784" - }, - { - "name" : "ADV-2006-0688", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0688" - }, - { - "name" : "1015661", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015661" - }, - { - "name" : "18940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18940" - }, - { - "name" : "cpg-dragonfly-multiple-xss(24843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16784" + }, + { + "name": "cpg-dragonfly-multiple-xss(24843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24843" + }, + { + "name": "1015661", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015661" + }, + { + "name": "ADV-2006-0688", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0688" + }, + { + "name": "http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html" + }, + { + "name": "18940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18940" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1202.json b/2006/1xxx/CVE-2006-1202.json index 09dfdd44c4f..772ffd8ace9 100644 --- a/2006/1xxx/CVE-2006-1202.json +++ b/2006/1xxx/CVE-2006-1202.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060308 textfileBB <= 1.0 Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427081/100/0/threaded" - }, - { - "name" : "http://notlegal.ws/textfilebbmessanger.txt", - "refsource" : "MISC", - "url" : "http://notlegal.ws/textfilebbmessanger.txt" - }, - { - "name" : "17029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17029" - }, - { - "name" : "ADV-2006-0897", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0897" - }, - { - "name" : "1015744", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015744" - }, - { - "name" : "19149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19149" - }, - { - "name" : "textbb-messanger-xss(25091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17029" + }, + { + "name": "ADV-2006-0897", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0897" + }, + { + "name": "http://notlegal.ws/textfilebbmessanger.txt", + "refsource": "MISC", + "url": "http://notlegal.ws/textfilebbmessanger.txt" + }, + { + "name": "20060308 textfileBB <= 1.0 Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427081/100/0/threaded" + }, + { + "name": "textbb-messanger-xss(25091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25091" + }, + { + "name": "1015744", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015744" + }, + { + "name": "19149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19149" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3216.json b/2006/3xxx/CVE-2006-3216.json index 09d98aa2169..d19a2ab1f1a 100644 --- a/2006/3xxx/CVE-2006-3216.json +++ b/2006/3xxx/CVE-2006-3216.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm", - "refsource" : "CONFIRM", - "url" : "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm" - }, - { - "name" : "18584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18584" - }, - { - "name" : "ADV-2006-2473", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2473" - }, - { - "name" : "26738", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26738" - }, - { - "name" : "26739", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26739" - }, - { - "name" : "20756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20756" - }, - { - "name" : "mailsweeper-reverse-dns-dos(27303)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303" - }, - { - "name" : "mailsweeper-malformed-message-dos(27305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mailsweeper-malformed-message-dos(27305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305" + }, + { + "name": "26739", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26739" + }, + { + "name": "mailsweeper-reverse-dns-dos(27303)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303" + }, + { + "name": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm", + "refsource": "CONFIRM", + "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm" + }, + { + "name": "18584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18584" + }, + { + "name": "20756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20756" + }, + { + "name": "26738", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26738" + }, + { + "name": "ADV-2006-2473", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2473" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3428.json b/2006/3xxx/CVE-2006-3428.json index 4ef1e2e9d32..cf1a6648d08 100644 --- a/2006/3xxx/CVE-2006-3428.json +++ b/2006/3xxx/CVE-2006-3428.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060705 TigerTom Scripts", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439208/100/0/threaded" - }, - { - "name" : "18844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18844" - }, - { - "name" : "ADV-2006-2692", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2692" - }, - { - "name" : "27035", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27035" - }, - { - "name" : "27036", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27036" - }, - { - "name" : "20952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20952" - }, - { - "name" : "tigertom-multiple-fields-xss(27563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060705 TigerTom Scripts", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439208/100/0/threaded" + }, + { + "name": "tigertom-multiple-fields-xss(27563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27563" + }, + { + "name": "27036", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27036" + }, + { + "name": "27035", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27035" + }, + { + "name": "ADV-2006-2692", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2692" + }, + { + "name": "18844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18844" + }, + { + "name": "20952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20952" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3820.json b/2006/3xxx/CVE-2006-3820.json index 0e57a4963cd..3feef5c6672 100644 --- a/2006/3xxx/CVE-2006-3820.json +++ b/2006/3xxx/CVE-2006-3820.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securesky-tech.com/", - "refsource" : "MISC", - "url" : "http://www.securesky-tech.com/" - }, - { - "name" : "http://loudblog.de/forum/viewtopic.php?id=756", - "refsource" : "CONFIRM", - "url" : "http://loudblog.de/forum/viewtopic.php?id=756" - }, - { - "name" : "19082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19082" - }, - { - "name" : "ADV-2006-2901", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2901" - }, - { - "name" : "21098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21098" - }, - { - "name" : "loudblog-loudblogindex-xss(27849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "loudblog-loudblogindex-xss(27849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27849" + }, + { + "name": "19082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19082" + }, + { + "name": "ADV-2006-2901", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2901" + }, + { + "name": "http://loudblog.de/forum/viewtopic.php?id=756", + "refsource": "CONFIRM", + "url": "http://loudblog.de/forum/viewtopic.php?id=756" + }, + { + "name": "21098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21098" + }, + { + "name": "http://www.securesky-tech.com/", + "refsource": "MISC", + "url": "http://www.securesky-tech.com/" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4155.json b/2006/4xxx/CVE-2006-4155.json index c9036a7ac1b..e9fb951da75 100644 --- a/2006/4xxx/CVE-2006-4155.json +++ b/2006/4xxx/CVE-2006-4155.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to \"access posts outside the topic.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.invisionpower.com/index.php?&showtopic=225755", - "refsource" : "CONFIRM", - "url" : "http://forums.invisionpower.com/index.php?&showtopic=225755" - }, - { - "name" : "ADV-2006-3260", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3260" - }, - { - "name" : "21442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to \"access posts outside the topic.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21442" + }, + { + "name": "http://forums.invisionpower.com/index.php?&showtopic=225755", + "refsource": "CONFIRM", + "url": "http://forums.invisionpower.com/index.php?&showtopic=225755" + }, + { + "name": "ADV-2006-3260", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3260" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4597.json b/2006/4xxx/CVE-2006-4597.json index b345705f061..6ad9bb24884 100644 --- a/2006/4xxx/CVE-2006-4597.json +++ b/2006/4xxx/CVE-2006-4597.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060901 Icblogger <= \"YID\" Remote Blind SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445002/100/0/threaded" - }, - { - "name" : "2287", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2287" - }, - { - "name" : "ADV-2006-3441", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3441" - }, - { - "name" : "21741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21741" - }, - { - "name" : "1503", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2287", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2287" + }, + { + "name": "21741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21741" + }, + { + "name": "1503", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1503" + }, + { + "name": "20060901 Icblogger <= \"YID\" Remote Blind SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445002/100/0/threaded" + }, + { + "name": "ADV-2006-3441", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3441" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4662.json b/2006/4xxx/CVE-2006-4662.json index ea2360fcadf..6f429baf089 100644 --- a/2006/4xxx/CVE-2006-4662.json +++ b/2006/4xxx/CVE-2006-4662.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 CORE-2006-0321: AOL ICQ Pro 2003b heap overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445513/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509" - }, - { - "name" : "VU#400780", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/400780" - }, - { - "name" : "19897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19897" - }, - { - "name" : "ADV-2006-3527", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3527" - }, - { - "name" : "21834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21834" - }, - { - "name" : "1530", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1530" - }, - { - "name" : "icqpro-mcregexsearch-bo(28835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060907 CORE-2006-0321: AOL ICQ Pro 2003b heap overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445513/100/0/threaded" + }, + { + "name": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509", + "refsource": "MISC", + "url": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509" + }, + { + "name": "1530", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1530" + }, + { + "name": "ADV-2006-3527", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3527" + }, + { + "name": "21834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21834" + }, + { + "name": "VU#400780", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/400780" + }, + { + "name": "icqpro-mcregexsearch-bo(28835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28835" + }, + { + "name": "19897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19897" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2349.json b/2010/2xxx/CVE-2010-2349.json index e152a7cd879..738fa75e2a6 100644 --- a/2010/2xxx/CVE-2010-2349.json +++ b/2010/2xxx/CVE-2010-2349.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13920", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13920" - }, - { - "name" : "40299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13920", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13920" + }, + { + "name": "40299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40299" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2564.json b/2010/2xxx/CVE-2010-2564.json index e99c54f9714..37260b8b74b 100644 --- a/2010/2xxx/CVE-2010-2564.json +++ b/2010/2xxx/CVE-2010-2564.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka \"Movie Maker Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-050" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12011", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka \"Movie Maker Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-050" + }, + { + "name": "oval:org.mitre.oval:def:12011", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12011" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2617.json b/2010/2xxx/CVE-2010-2617.json index 9a03ee14a7e..b64aea4b050 100644 --- a/2010/2xxx/CVE-2010-2617.json +++ b/2010/2xxx/CVE-2010-2617.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt" - }, - { - "name" : "41197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41197" - }, - { - "name" : "phpbiblesearch-bible-xss(59843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbiblesearch-bible-xss(59843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59843" + }, + { + "name": "41197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41197" + }, + { + "name": "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1006-exploits/phpbiblesearch-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2805.json b/2010/2xxx/CVE-2010-2805.json index e5c4c4fb567..f5f40c12c13 100644 --- a/2010/2xxx/CVE-2010-2805.json +++ b/2010/2xxx/CVE-2010-2805.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128111955616772&w=2" - }, - { - "name" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2", - "refsource" : "CONFIRM", - "url" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375" - }, - { - "name" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?30644", - "refsource" : "CONFIRM", - "url" : "https://savannah.nongnu.org/bugs/?30644" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "http://support.apple.com/kb/HT4457", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4457" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "RHSA-2010:0864", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0864.html" - }, - { - "name" : "USN-972-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-972-1" - }, - { - "name" : "42285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42285" - }, - { - "name" : "40816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40816" - }, - { - "name" : "40982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40982" - }, - { - "name" : "42317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42317" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - }, - { - "name" : "ADV-2010-2018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2018" - }, - { - "name" : "ADV-2010-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2106" - }, - { - "name" : "ADV-2010-3045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3045" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-3045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3045" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" + }, + { + "name": "http://support.apple.com/kb/HT4457", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4457" + }, + { + "name": "ADV-2010-2018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2018" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375" + }, + { + "name": "USN-972-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-972-1" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128111955616772&w=2" + }, + { + "name": "42317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42317" + }, + { + "name": "40816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40816" + }, + { + "name": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2", + "refsource": "CONFIRM", + "url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view" + }, + { + "name": "RHSA-2010:0864", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0864.html" + }, + { + "name": "40982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40982" + }, + { + "name": "ADV-2010-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2106" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + }, + { + "name": "https://savannah.nongnu.org/bugs/?30644", + "refsource": "CONFIRM", + "url": "https://savannah.nongnu.org/bugs/?30644" + }, + { + "name": "42285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42285" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3050.json b/2010/3xxx/CVE-2010-3050.json index 501e900551e..aac00cd377e 100644 --- a/2010/3xxx/CVE-2010-3050.json +++ b/2010/3xxx/CVE-2010-3050.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150825 Chapter: Caveats in Release 12.2(33)SXI Rebuilds", - "refsource" : "CISCO", - "url" : "https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150825 Chapter: Caveats in Release 12.2(33)SXI Rebuilds", + "refsource": "CISCO", + "url": "https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4222.json b/2010/4xxx/CVE-2010-4222.json index 1a8df8d8873..c10ccfb41bc 100644 --- a/2010/4xxx/CVE-2010-4222.json +++ b/2010/4xxx/CVE-2010-4222.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4222", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4222", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4496.json b/2010/4xxx/CVE-2010-4496.json index ef8e2f2294a..62b2c99c6df 100644 --- a/2010/4xxx/CVE-2010-4496.json +++ b/2010/4xxx/CVE-2010-4496.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp" - }, - { - "name" : "45691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45691" - }, - { - "name" : "70371", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70371" - }, - { - "name" : "1024942", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024942" - }, - { - "name" : "42791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42791" - }, - { - "name" : "ADV-2011-0037", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0037" - }, - { - "name" : "tibco-unspecified-sql-injection(64520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45691" + }, + { + "name": "70371", + "refsource": "OSVDB", + "url": "http://osvdb.org/70371" + }, + { + "name": "42791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42791" + }, + { + "name": "ADV-2011-0037", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0037" + }, + { + "name": "tibco-unspecified-sql-injection(64520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64520" + }, + { + "name": "1024942", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024942" + }, + { + "name": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp" + }, + { + "name": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1099.json b/2011/1xxx/CVE-2011-1099.json index 2576779c281..d1351795caa 100644 --- a/2011/1xxx/CVE-2011-1099.json +++ b/2011/1xxx/CVE-2011-1099.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110306 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516873/100/0/threaded" - }, - { - "name" : "16933", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16933" - }, - { - "name" : "http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/", - "refsource" : "MISC", - "url" : "http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/" - }, - { - "name" : "46770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46770" - }, - { - "name" : "71028", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71028" - }, - { - "name" : "43599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43599" - }, - { - "name" : "8121", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8121" - }, - { - "name" : "quickpoll-index-directory-traversal(65947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43599" + }, + { + "name": "16933", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16933" + }, + { + "name": "quickpoll-index-directory-traversal(65947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65947" + }, + { + "name": "http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/", + "refsource": "MISC", + "url": "http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/" + }, + { + "name": "8121", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8121" + }, + { + "name": "46770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46770" + }, + { + "name": "20110306 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516873/100/0/threaded" + }, + { + "name": "71028", + "refsource": "OSVDB", + "url": "http://osvdb.org/71028" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1361.json b/2011/1xxx/CVE-2011-1361.json index 753bc1f7784..1d72d164eb0 100644 --- a/2011/1xxx/CVE-2011-1361.json +++ b/2011/1xxx/CVE-2011-1361.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1361", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1361", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1516.json b/2011/1xxx/CVE-2011-1516.json index 39e2485abd9..0b1637a96d3 100644 --- a/2011/1xxx/CVE-2011-1516.json +++ b/2011/1xxx/CVE-2011-1516.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111110 CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520479/100/100/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/apple-osx-sandbox-bypass", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/apple-osx-sandbox-bypass" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass" + }, + { + "name": "20111110 CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520479/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5190.json b/2011/5xxx/CVE-2011-5190.json index c24339bc654..eafed5aaf43 100644 --- a/2011/5xxx/CVE-2011-5190.json +++ b/2011/5xxx/CVE-2011-5190.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) help_tos.php, (6) help_contact.php, or (7) help.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/107344/socialbook-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/107344/socialbook-xss.txt" - }, - { - "name" : "50840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50840" - }, - { - "name" : "77646", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77646" - }, - { - "name" : "47005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47005" - }, - { - "name" : "socialbookfacebookclone-multiple-xss(71515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) help_tos.php, (6) help_contact.php, or (7) help.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47005" + }, + { + "name": "77646", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77646" + }, + { + "name": "socialbookfacebookclone-multiple-xss(71515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71515" + }, + { + "name": "50840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50840" + }, + { + "name": "http://packetstormsecurity.org/files/view/107344/socialbook-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/107344/socialbook-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3085.json b/2014/3xxx/CVE-2014-3085.json index 9657350b16c..75cd9f7eade 100644 --- a/2014/3xxx/CVE-2014-3085.json +++ b/2014/3xxx/CVE-2014-3085.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34132", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34132/" - }, - { - "name" : "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html" - }, - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983" - }, - { - "name" : "ibm-gcm-cve20143085-rce(94091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html" + }, + { + "name": "34132", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34132/" + }, + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983" + }, + { + "name": "ibm-gcm-cve20143085-rce(94091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94091" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3130.json b/2014/3xxx/CVE-2014-3130.json index f28d8774e99..e8cfed1c6be 100644 --- a/2014/3xxx/CVE-2014-3130.json +++ b/2014/3xxx/CVE-2014-3130.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140428 [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/302" - }, - { - "name" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1910914", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1910914" - }, - { - "name" : "67108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67108" + }, + { + "name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009", + "refsource": "MISC", + "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009" + }, + { + "name": "https://service.sap.com/sap/support/notes/1910914", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1910914" + }, + { + "name": "20140428 [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/302" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3870.json b/2014/3xxx/CVE-2014-3870.json index 75789270f18..9d4bcb13f6d 100644 --- a/2014/3xxx/CVE-2014-3870.json +++ b/2014/3xxx/CVE-2014-3870.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/126782/wpbib2html-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126782/wpbib2html-xss.txt" - }, - { - "name" : "67589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67589" + }, + { + "name": "http://packetstormsecurity.com/files/126782/wpbib2html-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126782/wpbib2html-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7517.json b/2014/7xxx/CVE-2014-7517.json index a3a0e3cbca6..07b7100916d 100644 --- a/2014/7xxx/CVE-2014-7517.json +++ b/2014/7xxx/CVE-2014-7517.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#796601", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/796601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#796601", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/796601" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7570.json b/2014/7xxx/CVE-2014-7570.json index de672919a90..43a5c74bc52 100644 --- a/2014/7xxx/CVE-2014-7570.json +++ b/2014/7xxx/CVE-2014-7570.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#195385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/195385" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#195385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/195385" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7574.json b/2014/7xxx/CVE-2014-7574.json index 2c1ba69a1d9..28738665dd2 100644 --- a/2014/7xxx/CVE-2014-7574.json +++ b/2014/7xxx/CVE-2014-7574.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7574", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7574", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7640.json b/2014/7xxx/CVE-2014-7640.json index c3a963a14fd..dd3ab99da40 100644 --- a/2014/7xxx/CVE-2014-7640.json +++ b/2014/7xxx/CVE-2014-7640.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#534625", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/534625" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#534625", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/534625" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7783.json b/2014/7xxx/CVE-2014-7783.json index 2413ae3ea81..8629727dd43 100644 --- a/2014/7xxx/CVE-2014-7783.json +++ b/2014/7xxx/CVE-2014-7783.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#296761", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/296761" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#296761", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/296761" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7984.json b/2014/7xxx/CVE-2014-7984.json index 541dd66529e..74ce0018652 100644 --- a/2014/7xxx/CVE-2014-7984.json +++ b/2014/7xxx/CVE-2014-7984.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8073.json b/2014/8xxx/CVE-2014-8073.json index e7ca750d9d8..40c2cad52e1 100644 --- a/2014/8xxx/CVE-2014-8073.json +++ b/2014/8xxx/CVE-2014-8073.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html" - }, - { - "name" : "70664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70664" - }, - { - "name" : "openmrs-cve20148073-csrf(97692)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html" + }, + { + "name": "70664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70664" + }, + { + "name": "openmrs-cve20148073-csrf(97692)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97692" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8087.json b/2014/8xxx/CVE-2014-8087.json index 43a1d2d7728..f1421663f18 100644 --- a/2014/8xxx/CVE-2014-8087.json +++ b/2014/8xxx/CVE-2014-8087.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://g0blin.co.uk/cve-2014-8087/", - "refsource" : "MISC", - "url" : "https://g0blin.co.uk/cve-2014-8087/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8240", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8240" - }, - { - "name" : "https://wordpress.org/plugins/post-highlights/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/post-highlights/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/post-highlights/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/post-highlights/#developers" + }, + { + "name": "https://g0blin.co.uk/cve-2014-8087/", + "refsource": "MISC", + "url": "https://g0blin.co.uk/cve-2014-8087/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8240", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8240" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8125.json b/2014/8xxx/CVE-2014-8125.json index aedd3d30df8..0257c47a302 100644 --- a/2014/8xxx/CVE-2014-8125.json +++ b/2014/8xxx/CVE-2014-8125.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169553", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169553" - }, - { - "name" : "https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3", - "refsource" : "CONFIRM", - "url" : "https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3" - }, - { - "name" : "https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5", - "refsource" : "CONFIRM", - "url" : "https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5" - }, - { - "name" : "RHSA-2015:0850", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html" - }, - { - "name" : "RHSA-2015:0851", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1169553", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169553" + }, + { + "name": "RHSA-2015:0850", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html" + }, + { + "name": "https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5", + "refsource": "CONFIRM", + "url": "https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5" + }, + { + "name": "https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3", + "refsource": "CONFIRM", + "url": "https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3" + }, + { + "name": "RHSA-2015:0851", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8905.json b/2014/8xxx/CVE-2014-8905.json index 0adec7a24dd..f8bdb1c31ae 100644 --- a/2014/8xxx/CVE-2014-8905.json +++ b/2014/8xxx/CVE-2014-8905.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8905", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8905", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9161.json b/2014/9xxx/CVE-2014-9161.json index a471a1a3d61..cafdbfe4d0b 100644 --- a/2014/9xxx/CVE-2014-9161.json +++ b/2014/9xxx/CVE-2014-9161.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-9161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=149", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=149" - }, - { - "name" : "http://packetstormsecurity.com/files/134394/Adobe-Reader-X-XI-Out-Of-Bounds-Read.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134394/Adobe-Reader-X-XI-Out-Of-Bounds-Read.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html" - }, - { - "name" : "74600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74600" - }, - { - "name" : "1032284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=149", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=149" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-10.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-10.html" + }, + { + "name": "74600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74600" + }, + { + "name": "1032284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032284" + }, + { + "name": "http://packetstormsecurity.com/files/134394/Adobe-Reader-X-XI-Out-Of-Bounds-Read.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134394/Adobe-Reader-X-XI-Out-Of-Bounds-Read.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9380.json b/2014/9xxx/CVE-2014-9380.json index 614b131cdbf..eb8c76ca965 100644 --- a/2014/9xxx/CVE-2014-9380.json +++ b/2014/9xxx/CVE-2014-9380.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534248/100/0/threaded" - }, - { - "name" : "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/", - "refsource" : "MISC", - "url" : "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/" - }, - { - "name" : "https://github.com/Ettercap/ettercap/pull/608", - "refsource" : "CONFIRM", - "url" : "https://github.com/Ettercap/ettercap/pull/608" - }, - { - "name" : "GLSA-201505-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201505-01" - }, - { - "name" : "71691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201505-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201505-01" + }, + { + "name": "https://github.com/Ettercap/ettercap/pull/608", + "refsource": "CONFIRM", + "url": "https://github.com/Ettercap/ettercap/pull/608" + }, + { + "name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/", + "refsource": "MISC", + "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/" + }, + { + "name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded" + }, + { + "name": "71691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71691" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9547.json b/2014/9xxx/CVE-2014-9547.json index 5b297f990b0..6dbbd93816b 100644 --- a/2014/9xxx/CVE-2014-9547.json +++ b/2014/9xxx/CVE-2014-9547.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9547", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9547", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2019.json b/2016/2xxx/CVE-2016-2019.json index 7599b81aba0..47e49ac448e 100644 --- a/2016/2xxx/CVE-2016-2019.json +++ b/2016/2xxx/CVE-2016-2019.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2069.json b/2016/2xxx/CVE-2016-2069.json index 8803e74ca7e..6a9e8b84335 100644 --- a/2016/2xxx/CVE-2016-2069.json +++ b/2016/2xxx/CVE-2016-2069.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/25/1" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1301893", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" - }, - { - "name" : "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" - }, - { - "name" : "DSA-3503", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3503" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "RHSA-2016:2584", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html" - }, - { - "name" : "RHSA-2017:0817", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0817.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "openSUSE-SU-2016:1008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" - }, - { - "name" : "SUSE-SU-2016:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" - }, - { - "name" : "SUSE-SU-2016:1102", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" - }, - { - "name" : "USN-2989-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2989-1" - }, - { - "name" : "USN-2998-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2998-1" - }, - { - "name" : "USN-2967-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-1" - }, - { - "name" : "USN-2967-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-2" - }, - { - "name" : "USN-2931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2931-1" - }, - { - "name" : "USN-2932-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2932-1" - }, - { - "name" : "81809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81809" + }, + { + "name": "USN-2967-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/25/1" + }, + { + "name": "DSA-3503", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3503" + }, + { + "name": "USN-2967-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-2" + }, + { + "name": "RHSA-2016:2584", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "SUSE-SU-2016:1102", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + }, + { + "name": "RHSA-2017:0817", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" + }, + { + "name": "USN-2932-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2932-1" + }, + { + "name": "USN-2989-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2989-1" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" + }, + { + "name": "USN-2931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2931-1" + }, + { + "name": "openSUSE-SU-2016:1008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" + }, + { + "name": "USN-2998-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2998-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" + }, + { + "name": "SUSE-SU-2016:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2724.json b/2016/2xxx/CVE-2016-2724.json index d4946c8c87f..0b308123088 100644 --- a/2016/2xxx/CVE-2016-2724.json +++ b/2016/2xxx/CVE-2016-2724.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2724", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2724", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2735.json b/2016/2xxx/CVE-2016-2735.json index 48081c79e42..a7df75db319 100644 --- a/2016/2xxx/CVE-2016-2735.json +++ b/2016/2xxx/CVE-2016-2735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2735", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2735", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2772.json b/2016/2xxx/CVE-2016-2772.json index bf72f20b085..c2eaef82191 100644 --- a/2016/2xxx/CVE-2016-2772.json +++ b/2016/2xxx/CVE-2016-2772.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2772", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2772", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6015.json b/2016/6xxx/CVE-2016-6015.json index 3eefd02a79c..b2426ae4854 100644 --- a/2016/6xxx/CVE-2016-6015.json +++ b/2016/6xxx/CVE-2016-6015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6244.json b/2016/6xxx/CVE-2016-6244.json index 62fae82c61a..76cc08fde70 100644 --- a/2016/6xxx/CVE-2016-6244.json +++ b/2016/6xxx/CVE-2016-6244.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative \"ts.tv_sec\" value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160717 Re: Multiple Bugs in OpenBSD Kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/17/7" - }, - { - "name" : "91805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative \"ts.tv_sec\" value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91805" + }, + { + "name": "[oss-security] 20160717 Re: Multiple Bugs in OpenBSD Kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/17/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6529.json b/2016/6xxx/CVE-2016-6529.json index adcf9dab725..90b178edb86 100644 --- a/2016/6xxx/CVE-2016-6529.json +++ b/2016/6xxx/CVE-2016-6529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6850.json b/2016/6xxx/CVE-2016-6850.json index 9edaebb18c2..af866769c60 100644 --- a/2016/6xxx/CVE-2016-6850.json +++ b/2016/6xxx/CVE-2016-6850.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", - "refsource" : "CONFIRM", - "url" : "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" - }, - { - "name" : "93457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93457" + }, + { + "name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf", + "refsource": "CONFIRM", + "url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7487.json b/2016/7xxx/CVE-2016-7487.json index 8a2d1aa74ca..2f2c4c92a86 100644 --- a/2016/7xxx/CVE-2016-7487.json +++ b/2016/7xxx/CVE-2016-7487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7487", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7487", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5344.json b/2017/5xxx/CVE-2017-5344.json index 3149fab21b4..e421cb3e3cd 100644 --- a/2017/5xxx/CVE-2017-5344.json +++ b/2017/5xxx/CVE-2017-5344.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41377", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41377/" - }, - { - "name" : "http://dotcms.com/security/SI-39", - "refsource" : "MISC", - "url" : "http://dotcms.com/security/SI-39" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Feb/34", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/34" - }, - { - "name" : "https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh", - "refsource" : "MISC", - "url" : "https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh" - }, - { - "name" : "96259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96259" + }, + { + "name": "https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh", + "refsource": "MISC", + "url": "https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Feb/34", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/34" + }, + { + "name": "http://dotcms.com/security/SI-39", + "refsource": "MISC", + "url": "http://dotcms.com/security/SI-39" + }, + { + "name": "41377", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41377/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5816.json b/2017/5xxx/CVE-2017-5816.json index f4c7d045a69..2b851417fab 100644 --- a/2017/5xxx/CVE-2017-5816.json +++ b/2017/5xxx/CVE-2017-5816.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-07-21T00:00:00", - "ID" : "CVE-2017-5816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 E0504P04" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-07-21T00:00:00", + "ID": "CVE-2017-5816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 E0504P04" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43198", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43198/" - }, - { - "name" : "43493", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43493/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us" - }, - { - "name" : "100470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100470" - }, - { - "name" : "1038478", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038478", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038478" + }, + { + "name": "43198", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43198/" + }, + { + "name": "100470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100470" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us" + }, + { + "name": "43493", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43493/" + } + ] + } +} \ No newline at end of file