From 0290d21c57e0a5a6cf2dfa4a7c4a494c833e18ba Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 06:23:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1488.json | 170 +++++++++---------- 2006/1xxx/CVE-2006-1501.json | 170 +++++++++---------- 2006/1xxx/CVE-2006-1850.json | 160 +++++++++--------- 2006/1xxx/CVE-2006-1899.json | 170 +++++++++---------- 2006/5xxx/CVE-2006-5606.json | 180 ++++++++++---------- 2006/5xxx/CVE-2006-5783.json | 150 ++++++++--------- 2007/2xxx/CVE-2007-2738.json | 160 +++++++++--------- 2007/6xxx/CVE-2007-6580.json | 150 ++++++++--------- 2010/0xxx/CVE-2010-0008.json | 230 +++++++++++++------------- 2010/0xxx/CVE-2010-0178.json | 310 +++++++++++++++++------------------ 2010/0xxx/CVE-2010-0628.json | 180 ++++++++++---------- 2010/0xxx/CVE-2010-0698.json | 160 +++++++++--------- 2010/0xxx/CVE-2010-0998.json | 210 ++++++++++++------------ 2010/1xxx/CVE-2010-1021.json | 160 +++++++++--------- 2010/1xxx/CVE-2010-1118.json | 160 +++++++++--------- 2010/1xxx/CVE-2010-1337.json | 140 ++++++++-------- 2010/1xxx/CVE-2010-1385.json | 180 ++++++++++---------- 2010/1xxx/CVE-2010-1617.json | 150 ++++++++--------- 2010/1xxx/CVE-2010-1737.json | 160 +++++++++--------- 2010/4xxx/CVE-2010-4046.json | 190 ++++++++++----------- 2010/4xxx/CVE-2010-4235.json | 130 +++++++-------- 2010/5xxx/CVE-2010-5189.json | 120 +++++++------- 2014/0xxx/CVE-2014-0499.json | 170 +++++++++---------- 2014/0xxx/CVE-2014-0664.json | 170 +++++++++---------- 2014/0xxx/CVE-2014-0700.json | 34 ++-- 2014/0xxx/CVE-2014-0768.json | 130 +++++++-------- 2014/0xxx/CVE-2014-0775.json | 34 ++-- 2014/0xxx/CVE-2014-0910.json | 140 ++++++++-------- 2014/1xxx/CVE-2014-1229.json | 34 ++-- 2014/1xxx/CVE-2014-1480.json | 260 ++++++++++++++--------------- 2014/1xxx/CVE-2014-1813.json | 130 +++++++-------- 2014/4xxx/CVE-2014-4539.json | 34 ++-- 2014/4xxx/CVE-2014-4783.json | 150 ++++++++--------- 2014/4xxx/CVE-2014-4990.json | 34 ++-- 2014/9xxx/CVE-2014-9027.json | 130 +++++++-------- 2014/9xxx/CVE-2014-9112.json | 230 
+++++++++++++------------- 2014/9xxx/CVE-2014-9568.json | 120 +++++++------- 2014/9xxx/CVE-2014-9593.json | 150 ++++++++--------- 2014/9xxx/CVE-2014-9648.json | 150 ++++++++--------- 2016/3xxx/CVE-2016-3363.json | 150 ++++++++--------- 2016/3xxx/CVE-2016-3377.json | 140 ++++++++-------- 2016/3xxx/CVE-2016-3993.json | 160 +++++++++--------- 2016/6xxx/CVE-2016-6485.json | 140 ++++++++-------- 2016/6xxx/CVE-2016-6646.json | 140 ++++++++-------- 2016/7xxx/CVE-2016-7363.json | 34 ++-- 2016/8xxx/CVE-2016-8349.json | 34 ++-- 2016/8xxx/CVE-2016-8357.json | 130 +++++++-------- 2016/8xxx/CVE-2016-8493.json | 130 +++++++-------- 2016/8xxx/CVE-2016-8757.json | 130 +++++++-------- 49 files changed, 3539 insertions(+), 3539 deletions(-) diff --git a/2006/1xxx/CVE-2006-1488.json b/2006/1xxx/CVE-2006-1488.json index 8db536cbe47..1598cbb36f3 100644 --- a/2006/1xxx/CVE-2006-1488.json +++ b/2006/1xxx/CVE-2006-1488.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html" - }, - { - "name" : "ADV-2006-1126", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1126" - }, - { - "name" : "24190", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24190" - }, - { - "name" : "24191", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24191" - }, - { - "name" : "19431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19431" - }, - { - "name" : 
"supporttrio-index-pdf-path-disclosure(25517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1126", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1126" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html" + }, + { + "name": "19431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19431" + }, + { + "name": "24190", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24190" + }, + { + "name": "supporttrio-index-pdf-path-disclosure(25517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25517" + }, + { + "name": "24191", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24191" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1501.json b/2006/1xxx/CVE-2006-1501.json index c9cd18b87f9..c31e4a0b8b9 100644 --- a/2006/1xxx/CVE-2006-1501.json +++ b/2006/1xxx/CVE-2006-1501.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/24/24228-oneorzero.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/24/24228-oneorzero.txt" - }, - { - "name" : "17298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17298" - }, - { - "name" : "ADV-2006-1146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1146" - }, - { - "name" : "24228", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24228" - }, - { - "name" : "19446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19446" - }, - { - "name" : "oneorzero-helpdesk-index-sql-injection(25511)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25511" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://osvdb.org/ref/24/24228-oneorzero.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/24/24228-oneorzero.txt" + }, + { + "name": "24228", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24228" + }, + { + "name": "17298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17298" + }, + { + "name": "ADV-2006-1146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1146" + }, + { + "name": "oneorzero-helpdesk-index-sql-injection(25511)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25511" + }, + { + "name": "19446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19446" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1850.json b/2006/1xxx/CVE-2006-1850.json index b75361544e5..ee0be16104e 100644 --- a/2006/1xxx/CVE-2006-1850.json +++ b/2006/1xxx/CVE-2006-1850.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html" - }, - { - "name" : "17614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17614" - }, - { - "name" : "ADV-2006-1412", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1412" - }, - { - "name" : "19707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19707" - }, - { - "name" : "xflow-index-xss(25854)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xflow-index-xss(25854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25854" + }, + { + "name": "17614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17614" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html" + }, + { + "name": "ADV-2006-1412", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1412" + }, + { + "name": "19707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19707" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1899.json b/2006/1xxx/CVE-2006-1899.json index a000dceddce..ecde1afe005 100644 --- a/2006/1xxx/CVE-2006-1899.json +++ b/2006/1xxx/CVE-2006-1899.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060417 Neuron Blog <= 1.1 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431131/100/0/threaded" - }, - { - "name" : "17552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17552" - }, - { - "name" : "ADV-2006-1406", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1406" - }, - { - "name" : "1015960", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015960" - }, - { - "name" : "19703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19703" - }, - { - "name" : "neuronblog-addcomment-xss(25913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25913" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060417 Neuron Blog <= 1.1 XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431131/100/0/threaded" + }, + { + "name": "1015960", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015960" + }, + { + "name": "17552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17552" + }, + { + "name": "19703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19703" + }, + { + "name": "neuronblog-addcomment-xss(25913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25913" + }, + { + "name": "ADV-2006-1406", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1406" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5606.json b/2006/5xxx/CVE-2006-5606.json index 9348c5025ae..4a678364d70 100644 --- a/2006/5xxx/CVE-2006-5606.json +++ b/2006/5xxx/CVE-2006-5606.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061031 Authentication bypass in BytesFall Explorer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450166/100/100/threaded" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-007.php?lang=en", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-007.php?lang=en" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=627671", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=627671" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=458642&group_id=174110", - "refsource" : "CONFIRM", - "url" : 
"http://sourceforge.net/project/shownotes.php?release_id=458642&group_id=174110" - }, - { - "name" : "20800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20800" - }, - { - "name" : "ADV-2006-4255", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4255" - }, - { - "name" : "bfexplorer-dologin-sql-injection(29942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=627671", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=627671" + }, + { + "name": "ADV-2006-4255", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4255" + }, + { + "name": "20800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20800" + }, + { + "name": "20061031 Authentication bypass in BytesFall Explorer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450166/100/100/threaded" + }, + { + "name": "bfexplorer-dologin-sql-injection(29942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29942" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=458642&group_id=174110", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=458642&group_id=174110" + }, + { + 
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-007.php?lang=en", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-007.php?lang=en" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5783.json b/2006/5xxx/CVE-2006-5783.json index adcaec5bcc4..c88518f257f 100644 --- a/2006/5xxx/CVE-2006-5783.json +++ b/2006/5xxx/CVE-2006-5783.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061102 Firefox 1.5.0.7 Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450398/100/0/threaded" - }, - { - "name" : "20061102 Re: Firefox 1.5.0.7 Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450424/100/0/threaded" - }, - { - "name" : "20061103 Re: Firefox 1.5.0.7 Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450476/100/0/threaded" - }, - { - "name" : "20061106 Re: Firefox 1.5.0.7 Exploit", - "refsource" : "BUGTRAQ", - 
"url" : "http://www.securityfocus.com/archive/1/450730/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061102 Re: Firefox 1.5.0.7 Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450424/100/0/threaded" + }, + { + "name": "20061106 Re: Firefox 1.5.0.7 Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450730/100/0/threaded" + }, + { + "name": "20061103 Re: Firefox 1.5.0.7 Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450476/100/0/threaded" + }, + { + "name": "20061102 Firefox 1.5.0.7 Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450398/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2738.json b/2007/2xxx/CVE-2007-2738.json index 6e1da50c119..64634cf623f 100644 --- a/2007/2xxx/CVE-2007-2738.json +++ b/2007/2xxx/CVE-2007-2738.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3932", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3932" - }, - { - "name" : "23998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23998" - }, - { - "name" : "37921", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37921" - }, - { - "name" : "ADV-2007-1829", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1829" - }, - { - "name" : "xoops-glossarie-glossariepf-sql-injection(34308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3932", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3932" + }, + { + "name": "23998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23998" + }, + { + "name": "ADV-2007-1829", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1829" + }, + { + "name": "37921", + "refsource": "OSVDB", + "url": "http://osvdb.org/37921" + }, + { + "name": "xoops-glossarie-glossariepf-sql-injection(34308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34308" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6580.json b/2007/6xxx/CVE-2007-6580.json index 5b58c3f2c5d..f4dc5e0dbb8 100644 --- a/2007/6xxx/CVE-2007-6580.json +++ b/2007/6xxx/CVE-2007-6580.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4770", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4770" - }, - { - "name" : "26984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26984" - }, - { - "name" : "40368", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40368" - }, - { - "name" : "40369", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or 
(2) the groupid parameter to editadgroup.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26984" + }, + { + "name": "4770", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4770" + }, + { + "name": "40369", + "refsource": "OSVDB", + "url": "http://osvdb.org/40369" + }, + { + "name": "40368", + "refsource": "OSVDB", + "url": "http://osvdb.org/40368" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0008.json b/2010/0xxx/CVE-2010-0008.json index 825c751ff4d..d21d00edf99 100644 --- a/2010/0xxx/CVE-2010-0008.json +++ b/2010/0xxx/CVE-2010-0008.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[oss-security] 20100317 CVE-2010-0008 kernel: sctp remote denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/03/17/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ece25dfa0991f65c4e1d26beb1c3c45bda4239b8", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ece25dfa0991f65c4e1d26beb1c3c45bda4239b8" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=555658", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=555658" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "RHSA-2010:0146", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0146.html" - }, - { - "name" : "RHSA-2010:0147", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0147.html" - }, - { - "name" : "RHSA-2010:0342", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0342.html" - }, - { - "name" : "oval:org.mitre.oval:def:11160", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11160" - }, - { - "name" : "39295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39295" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39295" + }, + { + "name": "RHSA-2010:0146", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0146.html" + }, + { + "name": "RHSA-2010:0147", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0147.html" + }, + { + "name": "[oss-security] 20100317 CVE-2010-0008 kernel: sctp remote denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/03/17/2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ece25dfa0991f65c4e1d26beb1c3c45bda4239b8", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ece25dfa0991f65c4e1d26beb1c3c45bda4239b8" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "oval:org.mitre.oval:def:11160", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11160" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "RHSA-2010:0342", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0342.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=555658", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555658" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0178.json b/2010/0xxx/CVE-2010-0178.json index 1c3a036a3f7..a7d4f7ac926 100644 --- a/2010/0xxx/CVE-2010-0178.json +++ b/2010/0xxx/CVE-2010-0178.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-20.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=546909", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=546909" - }, - { - "name" : "DSA-2027", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2027" - }, - { - "name" : "MDVSA-2010:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" - }, 
- { - "name" : "RHSA-2010:0332", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0332.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-921-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-921-1" - }, - { - "name" : "oval:org.mitre.oval:def:10460", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10460" - }, - { - "name" : "oval:org.mitre.oval:def:6975", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6975" - }, - { - "name" : "1023776", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023776" - }, - { - "name" : "39136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39136" - }, - { - "name" : "39240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39240" - }, - { - "name" : "39243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39243" - }, - { - "name" : "39308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39308" - }, - { - "name" : "39397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39397" - }, - { - "name" : "ADV-2010-0748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0748" - }, - { - "name" : "ADV-2010-0764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0764" - }, - { - "name" : "ADV-2010-0781", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0781" - }, - { - "name" : "ADV-2010-0849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0849" - }, - { - "name" : "firefox-draganddrop-code-execution(57391)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/57391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=546909", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=546909" + }, + { + "name": "39397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39397" + }, + { + "name": "39308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39308" + }, + { + "name": "39136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39136" + }, + { + "name": "ADV-2010-0781", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0781" + }, + { + "name": "USN-921-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-921-1" + }, + { + "name": "1023776", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023776" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-20.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-20.html" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "ADV-2010-0764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0764" + }, + { + 
"name": "firefox-draganddrop-code-execution(57391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57391" + }, + { + "name": "MDVSA-2010:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" + }, + { + "name": "oval:org.mitre.oval:def:10460", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10460" + }, + { + "name": "39243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39243" + }, + { + "name": "oval:org.mitre.oval:def:6975", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6975" + }, + { + "name": "ADV-2010-0748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0748" + }, + { + "name": "ADV-2010-0849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0849" + }, + { + "name": "DSA-2027", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2027" + }, + { + "name": "RHSA-2010:0332", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0332.html" + }, + { + "name": "39240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39240" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0628.json b/2010/0xxx/CVE-2010-0628.json index d1c741bf888..55568df72fa 100644 --- a/2010/0xxx/CVE-2010-0628.json +++ b/2010/0xxx/CVE-2010-0628.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100323 MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510281/100/0/threaded" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=566258", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=566258" - }, - { - "name" : "USN-916-1", - 
"refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-916-1" - }, - { - "name" : "VU#839413", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/839413" - }, - { - "name" : "38904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38904" - }, - { - "name" : "39023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-916-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-916-1" + }, + { + "name": "20100323 MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510281/100/0/threaded" + }, + { + "name": "38904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38904" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=566258", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566258" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt" + }, + { + "name": "39023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39023" + }, + { + "name": "VU#839413", + "refsource": "CERT-VN", + 
"url": "http://www.kb.cert.org/vuls/id/839413" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0698.json b/2010/0xxx/CVE-2010-0698.json index 4adc13e89f5..18f4b53a4e6 100644 --- a/2010/0xxx/CVE-2010-0698.json +++ b/2010/0xxx/CVE-2010-0698.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/wsccms-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/wsccms-sql.txt" - }, - { - "name" : "11507", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11507" - }, - { - "name" : "38335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38335" - }, - { - "name" : "38698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38698" - }, - { - "name" : "wsccms-login-sql-injection(56406)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11507", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11507" + }, + { + "name": "wsccms-login-sql-injection(56406)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56406" + }, + { + "name": "38698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38698" + }, + { + "name": "38335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38335" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/wsccms-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/wsccms-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0998.json b/2010/0xxx/CVE-2010-0998.json index 6088041aad6..2b4f49f5da0 100644 --- a/2010/0xxx/CVE-2010-0998.json +++ b/2010/0xxx/CVE-2010-0998.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100513 Secunia Research: Free Download Manager Four Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511282/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-68/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-68/" - }, - { - "name" : "40146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40146" - }, - { - "name" : "64671", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64671" - }, - { - "name" : "64672", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64672" - }, - { - "name" 
: "64673", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64673" - }, - { - "name" : "64674", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64674" - }, - { - "name" : "oval:org.mitre.oval:def:7006", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7006" - }, - { - "name" : "39447", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39447" - }, - { - "name" : "fdm-siteexplorer-bo(58626)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fdm-siteexplorer-bo(58626)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58626" + }, + { + "name": "40146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40146" + }, + { + "name": "64671", + "refsource": "OSVDB", + "url": "http://osvdb.org/64671" + }, + { + "name": "20100513 Secunia Research: Free Download Manager Four Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511282/100/0/threaded" + }, + { + "name": "39447", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39447" + }, + { + "name": "64672", + "refsource": "OSVDB", + "url": "http://osvdb.org/64672" + }, + { + "name": "oval:org.mitre.oval:def:7006", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7006" + }, + { + "name": "http://secunia.com/secunia_research/2010-68/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-68/" + }, + { + "name": "64674", + "refsource": "OSVDB", + "url": "http://osvdb.org/64674" + }, + { + "name": "64673", + "refsource": "OSVDB", + "url": "http://osvdb.org/64673" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1021.json b/2010/1xxx/CVE-2010-1021.json index c0323c961cb..841adc3dda2 100644 --- a/2010/1xxx/CVE-2010-1021.json +++ b/2010/1xxx/CVE-2010-1021.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38818" - }, - { - "name" : "63036", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63036" - }, - { - "name" : "38993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38993" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/" + }, + { + "name": "38993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38993" + }, + { + "name": "38818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38818" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + }, + { + "name": "63036", + "refsource": "OSVDB", + "url": "http://osvdb.org/63036" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1118.json b/2010/1xxx/CVE-2010-1118.json index ceac1edefa7..57097f13df2 100644 --- a/2010/1xxx/CVE-2010-1118.json +++ b/2010/1xxx/CVE-2010-1118.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010" - }, - { - "name" : "http://news.cnet.com/8301-27080_3-20001126-245.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-27080_3-20001126-245.html" - }, - { - "name" : "http://twitter.com/thezdi/statuses/11003801960", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/11003801960" - }, - { - "name" : "http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf", - "refsource" : "MISC", - "url" : 
"http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf" - }, - { - "name" : "ie-unspecified-code-exec(57197)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010" + }, + { + "name": "http://twitter.com/thezdi/statuses/11003801960", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/11003801960" + }, + { + "name": "ie-unspecified-code-exec(57197)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57197" + }, + { + "name": "http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf", + "refsource": "MISC", + "url": "http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf" + }, + { + "name": "http://news.cnet.com/8301-27080_3-20001126-245.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-27080_3-20001126-245.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1337.json b/2010/1xxx/CVE-2010-1337.json index fe3445b2952..5bacd631654 100644 --- a/2010/1xxx/CVE-2010-1337.json +++ b/2010/1xxx/CVE-2010-1337.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt" - }, - { - "name" : "38889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38889" - }, - { - "name" : "vanilla-definitions-file-include(57147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in 
definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vanilla-definitions-file-include(57147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57147" + }, + { + "name": "38889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38889" + }, + { + "name": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1385.json b/2010/1xxx/CVE-2010-1385.json index cc7d2afc845..c9e4f4bc6f0 100644 --- a/2010/1xxx/CVE-2010-1385.json +++ b/2010/1xxx/CVE-2010-1385.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "oval:org.mitre.oval:def:7199", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7199" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7199", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7199" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1617.json b/2010/1xxx/CVE-2010-1617.json index 271ab5866cc..d05a1758df8 100644 --- a/2010/1xxx/CVE-2010-1617.json +++ b/2010/1xxx/CVE-2010-1617.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29", - "refsource" : "CONFIRM", - "url" : "http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29" - }, - { - "name" : "http://moodle.org/security/", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/security/" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29", + "refsource": "CONFIRM", + "url": "http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "http://moodle.org/security/", + "refsource": "CONFIRM", + "url": "http://moodle.org/security/" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1737.json b/2010/1xxx/CVE-2010-1737.json index 1bc8b56bc6a..02c76a3b2c7 100644 --- a/2010/1xxx/CVE-2010-1737.json +++ b/2010/1xxx/CVE-2010-1737.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/gallo-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/gallo-rfi.txt" - }, - { - "name" : "12488", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12488" - }, - { - "name" : "39890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39890" - }, - { - "name" : "39706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39706" - }, - { - "name" : "ADV-2010-1060", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39706" + }, + { + "name": "ADV-2010-1060", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1060" + }, + { + "name": "12488", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12488" + }, + { + "name": "39890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39890" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/gallo-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/gallo-rfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4046.json b/2010/4xxx/CVE-2010-4046.json index 4e199b5a7a3..1635ce721e4 100644 --- a/2010/4xxx/CVE-2010-4046.json +++ b/2010/4xxx/CVE-2010-4046.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://technet.microsoft.com/library/security/msvr11-002", - "refsource" : "MISC", - "url" : "https://technet.microsoft.com/library/security/msvr11-002" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1063/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1063/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1063/" - }, - { - "name" : "http://www.opera.com/support/kb/view/974/", - "refsource" : "CONFIRM", - "url" : 
"http://www.opera.com/support/kb/view/974/" - }, - { - "name" : "oval:org.mitre.oval:def:11937", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11937" - }, - { - "name" : "1024570", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024570" - }, - { - "name" : "41740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://technet.microsoft.com/library/security/msvr11-002", + "refsource": "MISC", + "url": "https://technet.microsoft.com/library/security/msvr11-002" + }, + { + "name": "1024570", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024570" + }, + { + "name": "http://www.opera.com/support/kb/view/974/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/974/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1063/" + }, + { + "name": "41740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41740" + }, + { + "name": "oval:org.mitre.oval:def:11937", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11937" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1063/" + }, + { + "name": 
"http://www.opera.com/docs/changelogs/windows/1063/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1063/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4235.json b/2010/4xxx/CVE-2010-4235.json index d74d3518e2c..fe5a14d399a 100644 --- a/2010/4xxx/CVE-2010-4235.json +++ b/2010/4xxx/CVE-2010-4235.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf", - "refsource" : "CONFIRM", - "url" : "http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf" - }, - { - "name" : "47110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the 
x-wap-profile HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47110" + }, + { + "name": "http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf", + "refsource": "CONFIRM", + "url": "http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5189.json b/2010/5xxx/CVE-2010-5189.json index 73b50f22662..a6e184dadb8 100644 --- a/2010/5xxx/CVE-2010-5189.json +++ b/2010/5xxx/CVE-2010-5189.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA45", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA45" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA45", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA45" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0499.json b/2014/0xxx/CVE-2014-0499.json index 47f151d7493..6fe013490de 100644 --- a/2014/0xxx/CVE-2014-0499.json +++ b/2014/0xxx/CVE-2014-0499.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" - }, - { - "name" : "GLSA-201405-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201405-04.xml" - }, - { - "name" : "RHSA-2014:0196", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0196.html" - }, - { - "name" : "openSUSE-SU-2014:0277", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2014:0278", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" - }, - { - "name" : "SUSE-SU-2014:0290", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0278", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" + }, + { + "name": "GLSA-201405-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" + }, + { + "name": "RHSA-2014:0196", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html" + }, + { + "name": "SUSE-SU-2014:0290", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" + }, + { + "name": "openSUSE-SU-2014:0277", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0664.json b/2014/0xxx/CVE-2014-0664.json index 66f77618049..ad38e8294a9 100644 --- a/2014/0xxx/CVE-2014-0664.json +++ b/2014/0xxx/CVE-2014-0664.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140110 Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0664" - }, - { - "name" : "64772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64772" - }, - { - "name" : "101915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101915" - }, - { - "name" : "1029593", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029593" - }, - { - "name" : "56370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56370" - }, - { - "name" : "cisco-unity-cve20140664-dos(90234)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/90234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101915", + "refsource": "OSVDB", + "url": "http://osvdb.org/101915" + }, + { + "name": "1029593", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029593" + }, + { + "name": "20140110 Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0664" + }, + { + "name": "cisco-unity-cve20140664-dos(90234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90234" + }, + { + "name": "56370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56370" + }, + { + "name": "64772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64772" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0700.json b/2014/0xxx/CVE-2014-0700.json index 0c37604c7d8..c1be117bfb6 100644 --- a/2014/0xxx/CVE-2014-0700.json +++ b/2014/0xxx/CVE-2014-0700.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0768.json b/2014/0xxx/CVE-2014-0768.json index 59fb691a84e..d5e6e661326 100644 --- a/2014/0xxx/CVE-2014-0768.json +++ b/2014/0xxx/CVE-2014-0768.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" - }, - { - "name" : "66732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" + }, + { + "name": "66732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66732" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0775.json b/2014/0xxx/CVE-2014-0775.json index 38af3d4a48b..98fbe6b6196 100644 --- a/2014/0xxx/CVE-2014-0775.json +++ b/2014/0xxx/CVE-2014-0775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0775", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0775", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0910.json b/2014/0xxx/CVE-2014-0910.json index cc8a7c584ac..5d65b57a7df 100644 --- a/2014/0xxx/CVE-2014-0910.json +++ b/2014/0xxx/CVE-2014-0910.json 
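Review bot: The new side of CVE-2014-0775.json is serialized in a different key order from the other records in this commit: it opens with `"data_type"`, `"data_format"`, `"data_version"` ahead of `"CVE_data_meta"` and puts `"ID"` before `"ASSIGNER"`, where CVE-2014-0700.json and the rest keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. Key order carries no meaning for a conforming JSON parser, but the difference suggests this file went through another writer, and any byte-level comparison or hash of the records will report a change where the data is identical. Writing it in the sibling order, `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",` and `"ID": "CVE-2014-0775",`, would keep this hunk to separator changes only.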
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675257", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675257" - }, - { - "name" : "PI18845", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845" - }, - { - "name" : "ibm-wcm-cve20140910-xss(91875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 
6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-wcm-cve20140910-xss(91875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91875" + }, + { + "name": "PI18845", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1229.json b/2014/1xxx/CVE-2014-1229.json index 24b65c6e907..036e5592d3f 100644 --- a/2014/1xxx/CVE-2014-1229.json +++ b/2014/1xxx/CVE-2014-1229.json 
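Review bot: The `reference_data` array in CVE-2014-0910.json is written back in a different order (`XF`, `AIXAPAR`, `CONFIRM` instead of `CONFIRM`, `AIXAPAR`, `XF`) although its three entries are unchanged, and that churn hides the one value that does change, `"ASSIGNER": "psirt@us.ibm.com",`. The same permutation with no entries added or removed appears in the CVE-2014-1480, CVE-2014-4783, CVE-2014-9027 and CVE-2014-9112 sections. Anyone auditing what a sync altered in a vulnerability record then has to compare the lists entry by entry. Keeping the existing order, or sorting on a fixed key such as `refsource` then `name`, would reduce this hunk to the `ASSIGNER` line plus separator changes.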
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1480.json b/2014/1xxx/CVE-2014-1480.json index 97ee0cc4e10..4b79d478a92 100644 --- a/2014/1xxx/CVE-2014-1480.json +++ b/2014/1xxx/CVE-2014-1480.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=916726", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=916726" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "SUSE-SU-2014:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0212", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:0419", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" - }, - { - "name" : "USN-2102-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-1" - }, - { - "name" : "USN-2102-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-2" - }, - { - "name" : "65331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65331" - }, - { - "name" : "102867", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102867" - }, - { - "name" : "1029717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029717" - }, - { - "name" : "1029720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029720" - }, - { - "name" : "56888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56888" - }, - { - "name" : "firefox-cve20141480-spoofing(90897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0212", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" + }, + { + "name": "1029717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029717" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" + }, + { + "name": "1029720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029720" + }, + { + "name": "USN-2102-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-2" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "56888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56888" + }, + { + "name": "openSUSE-SU-2014:0419", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" + }, + { + "name": "firefox-cve20141480-spoofing(90897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90897" + }, + { + "name": "102867", + "refsource": "OSVDB", + "url": "http://osvdb.org/102867" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=916726", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=916726" + }, + { + "name": "SUSE-SU-2014:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" + }, + { + "name": 
"USN-2102-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-1" + }, + { + "name": "65331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65331" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1813.json b/2014/1xxx/CVE-2014-1813.json index 1c35cb89ec1..77d84206d15 100644 --- a/2014/1xxx/CVE-2014-1813.json +++ b/2014/1xxx/CVE-2014-1813.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka \"Web Applications Page Content Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022" - }, - { - "name" : "1030227", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka \"Web Applications Page Content Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + 
"references": { + "reference_data": [ + { + "name": "MS14-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022" + }, + { + "name": "1030227", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030227" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4539.json b/2014/4xxx/CVE-2014-4539.json index ec1cef820e3..6c1b0d9f3e7 100644 --- a/2014/4xxx/CVE-2014-4539.json +++ b/2014/4xxx/CVE-2014-4539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4783.json b/2014/4xxx/CVE-2014-4783.json index 09287d4f6db..8ff51c30c53 100644 --- a/2014/4xxx/CVE-2014-4783.json +++ b/2014/4xxx/CVE-2014-4783.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682450" - }, - { - "name" : "69693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69693" - }, - { - "name" : "60996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60996" - }, - { - "name" : "ibm-imds-cve20144783-csrf(95030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69693" + }, + { + "name": "ibm-imds-cve20144783-csrf(95030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450" + }, + { + "name": "60996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60996" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4990.json b/2014/4xxx/CVE-2014-4990.json index 23f8f546d22..a8e9b83c122 100644 --- a/2014/4xxx/CVE-2014-4990.json +++ b/2014/4xxx/CVE-2014-4990.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4990", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4990", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9027.json b/2014/9xxx/CVE-2014-9027.json index 08d9ac06616..8e693495963 100644 --- a/2014/9xxx/CVE-2014-9027.json +++ b/2014/9xxx/CVE-2014-9027.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129041", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129041" - }, - { - "name" : "zte831cii-accesslocal-csrf(98590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators 
for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zte831cii-accesslocal-csrf(98590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98590" + }, + { + "name": "http://packetstormsecurity.com/files/129041", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129041" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9112.json b/2014/9xxx/CVE-2014-9112.json index 9aa751b3b23..462140eb317 100644 --- a/2014/9xxx/CVE-2014-9112.json +++ b/2014/9xxx/CVE-2014-9112.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141123 on Linux, 'less' can probably get you owned", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/74" - }, - { - "name" : "[oss-security] 20141123 so, can we do something about lesspipe? (+ a cpio bug to back up the argument)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/23/2" - }, - { - "name" : "[oss-security] 20141125 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? 
(+ a cpio bug to back up the argument)]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/25/2" - }, - { - "name" : "[oss-security] 20141126 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/26/20" - }, - { - "name" : "https://savannah.gnu.org/bugs/?43709", - "refsource" : "MISC", - "url" : "https://savannah.gnu.org/bugs/?43709" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3111", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3111" - }, - { - "name" : "USN-2456-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2456-1" - }, - { - "name" : "71248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71248" - }, - { - "name" : "60167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60167" - }, - { - "name" : "62145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62145" - }, - { - "name" : "linux-kernel-lesspipe-code-exec(98918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62145" + }, + { + "name": "60167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60167" + }, + { + "name": "linux-kernel-lesspipe-code-exec(98918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918" + }, + { + "name": "71248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71248" + }, + { + "name": "20141123 on Linux, 'less' can probably get you owned", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/74" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "https://savannah.gnu.org/bugs/?43709", + "refsource": "MISC", + "url": "https://savannah.gnu.org/bugs/?43709" + }, + { + "name": "[oss-security] 20141125 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/25/2" + }, + { + "name": "[oss-security] 20141126 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/26/20" + }, + { + "name": "USN-2456-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2456-1" + }, + { + "name": "[oss-security] 20141123 so, can we do something about lesspipe? 
(+ a cpio bug to back up the argument)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/23/2" + }, + { + "name": "DSA-3111", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3111" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9568.json b/2014/9xxx/CVE-2014-9568.json index d158768f7c9..c97cbb819d8 100644 --- a/2014/9xxx/CVE-2014-9568.json +++ b/2014/9xxx/CVE-2014-9568.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://puppetlabs.com/security/cve/cve-2014-9568", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2014-9568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://puppetlabs.com/security/cve/cve-2014-9568", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2014-9568" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9593.json b/2014/9xxx/CVE-2014-9593.json index 405e33f8121..bb875428495 100644 --- a/2014/9xxx/CVE-2014-9593.json +++ b/2014/9xxx/CVE-2014-9593.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html", - "refsource" : "CONFIRM", - "url" : "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html" - }, - { - "name" : "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release", - "refsource" : "CONFIRM", - "url" : "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release" - }, - { - "name" : "https://issues.apache.org/jira/browse/CLOUDSTACK-7952", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/CLOUDSTACK-7952" - }, - { - "name" : "62216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62216" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html", + "refsource": "CONFIRM", + "url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html" + }, + { + "name": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release", + "refsource": "CONFIRM", + "url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release" + }, + { + "name": "62216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62216" + }, + { + "name": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9648.json b/2014/9xxx/CVE-2014-9648.json index 9e9f6541f28..5ca3234c027 100644 --- a/2014/9xxx/CVE-2014-9648.json +++ b/2014/9xxx/CVE-2014-9648.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=331571", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=331571" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=449894", - "refsource" : "CONFIRM", - 
"url" : "https://code.google.com/p/chromium/issues/detail?id=449894" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=331571", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=331571" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=449894", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=449894" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3363.json b/2016/3xxx/CVE-2016-3363.json index 1b051e28bdf..9a82bc2aed7 100644 --- a/2016/3xxx/CVE-2016-3363.json +++ b/2016/3xxx/CVE-2016-3363.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3381." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff", - "refsource" : "MISC", - "url" : "https://medium.com/@steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff" - }, - { - "name" : "MS16-107", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107" - }, - { - "name" : "92801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92801" - }, - { - "name" : "1036785", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3381." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036785", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036785" + }, + { + "name": "https://medium.com/@steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff", + "refsource": "MISC", + "url": "https://medium.com/@steventseeley/ms16-107-microsoft-office-excel-eof-record-type-confusion-remote-code-execution-vulnerability-1105d52764ff" + }, + { + "name": "92801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92801" + }, + { + "name": "MS16-107", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3377.json b/2016/3xxx/CVE-2016-3377.json index 702613c6627..843cdffe200 100644 --- a/2016/3xxx/CVE-2016-3377.json +++ b/2016/3xxx/CVE-2016-3377.json 
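Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, while every other line appears to differ only in the spacing around `:`, the indentation, and the order of the `reference_data` entries. That makes the one change to the record's provenance easy to miss in review. The same holds for the CVE-2016-3377 hunk and for CVE-2016-6646, where the new value is `security_alert@emc.com`. Consider landing assigner changes separately from the formatting sync, or listing the affected IDs in the commit message, so that anyone auditing CNA attribution does not have to diff the parsed JSON to find them.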
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3350." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-105", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" - }, - { - "name" : "92797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92797" - }, - { - "name" : "1036789", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service 
(memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3350." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036789" + }, + { + "name": "92797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92797" + }, + { + "name": "MS16-105", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3993.json b/2016/3xxx/CVE-2016-3993.json index 65cd75da973..094daf10add 100644 --- a/2016/3xxx/CVE-2016-3993.json +++ b/2016/3xxx/CVE-2016-3993.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Enlightenment-announce] 20160501 imlib2 1.4.9", - "refsource" : "MLIST", - "url" : "https://sourceforge.net/p/enlightenment/mailman/message/35055012/" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818" - }, - { - "name" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef" - }, - { - "name" : "DSA-3555", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3555" - }, - { 
- "name" : "openSUSE-SU-2016:1330", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef" + }, + { + "name": "[Enlightenment-announce] 20160501 imlib2 1.4.9", + "refsource": "MLIST", + "url": "https://sourceforge.net/p/enlightenment/mailman/message/35055012/" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818" + }, + { + "name": "DSA-3555", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3555" + }, + { + "name": "openSUSE-SU-2016:1330", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6485.json b/2016/6xxx/CVE-2016-6485.json index 1e016c77c33..153f42e51e1 100644 --- a/2016/6xxx/CVE-2016-6485.json +++ b/2016/6xxx/CVE-2016-6485.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160719 Ruining the Magic of Magento's Encryption Library", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/19/3" - }, - { - "name" : "[oss-security] 20160727 Re: Ruining the Magic of Magento's Encryption Library", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/27/14" - }, - { - "name" : "https://github.com/magento/magento2/pull/15017", - "refsource" : "CONFIRM", - "url" : "https://github.com/magento/magento2/pull/15017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/magento/magento2/pull/15017", + "refsource": "CONFIRM", + "url": "https://github.com/magento/magento2/pull/15017" + }, + { + "name": "[oss-security] 20160719 Ruining the Magic of Magento's Encryption Library", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/19/3" + }, + { + "name": "[oss-security] 20160727 Re: Ruining the Magic of Magento's Encryption Library", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/27/14" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6646.json b/2016/6xxx/CVE-2016-6646.json index febdcf1d49f..f59569345eb 100644 --- a/2016/6xxx/CVE-2016-6646.json +++ b/2016/6xxx/CVE-2016-6646.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-6646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161004 ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Oct/7" - }, - { - "name" : "93343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93343" - }, - { - "name" : "1036941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vApp Managers web application in EMC Unisphere for 
VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20161004 ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Oct/7" + }, + { + "name": "1036941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036941" + }, + { + "name": "93343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93343" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7363.json b/2016/7xxx/CVE-2016-7363.json index ab7209e9fb9..2fe35361cb9 100644 --- a/2016/7xxx/CVE-2016-7363.json +++ b/2016/7xxx/CVE-2016-7363.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7363", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7363", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8349.json b/2016/8xxx/CVE-2016-8349.json index e2f17a1abfd..5440ef4d499 100644 --- a/2016/8xxx/CVE-2016-8349.json +++ b/2016/8xxx/CVE-2016-8349.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8349", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8349", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8357.json b/2016/8xxx/CVE-2016-8357.json index 01e753393f3..44d45e96fb7 100644 --- a/2016/8xxx/CVE-2016-8357.json +++ b/2016/8xxx/CVE-2016-8357.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older", - "version" : { - "version_data" : [ - { - "version_value" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Lynxspring JENEsys BAS Bridge authorization bypass" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lynxspring JENEsys BAS Bridge 1.1.8 and older", + "version": { + "version_data": [ + { + "version_value": "Lynxspring JENEsys BAS Bridge 1.1.8 and older" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01" - }, - { - "name" : "94344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lynxspring JENEsys BAS Bridge authorization bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94344" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8493.json b/2016/8xxx/CVE-2016-8493.json index 7510e3966d5..9713dc7e368 100644 --- a/2016/8xxx/CVE-2016-8493.json +++ b/2016/8xxx/CVE-2016-8493.json 
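Review bot: `vendor_name` is still `"n/a"`, and both `product_name` and `version_value` carry the whole string `"Lynxspring JENEsys BAS Bridge 1.1.8 and older"`, so tooling that matches on the structured `affects` fields cannot find this record by vendor or by version range. Going by the description text, the fields would presumably read `"vendor_name": "Lynxspring"`, `"product_name": "JENEsys BAS Bridge"` and `"version_value": "1.1.8 and older"`; this should be confirmed with the assigner before it is changed. The CVE-2016-8493 hunk has a milder form of the same problem: its `version_value` is `"FortiClient 5.4.2, 5.4.1"`, which puts a product name and two versions in one string instead of one `version_data` entry per version.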
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2016-8493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiClient", - "version" : { - "version_data" : [ - { - "version_value" : "FortiClient 5.4.2, 5.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2016-8493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClient", + "version": { + "version_data": [ + { + "version_value": "FortiClient 5.4.2, 5.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-16-095", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-16-095" - }, - { - "name" : "101682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-16-095", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-16-095" + }, + { + "name": "101682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101682" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8757.json b/2016/8xxx/CVE-2016-8757.json index 0a0b721ba1a..74593c41ee8 100644 --- a/2016/8xxx/CVE-2016-8757.json +++ b/2016/8xxx/CVE-2016-8757.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P9 EVA-AL10C00B192 and earlier versions,EVA-DL10C00B192 and earlier versions,EVA-TL10C00B192 and earlier versions,EVA-CL10C00B192 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "P9 EVA-AL10C00B192 and earlier versions,EVA-DL10C00B192 and earlier versions,EVA-TL10C00B192 and earlier versions,EVA-CL10C00B192 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P9 EVA-AL10C00B192 and earlier versions,EVA-DL10C00B192 and earlier versions,EVA-TL10C00B192 and earlier versions,EVA-CL10C00B192 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "P9 EVA-AL10C00B192 and earlier versions,EVA-DL10C00B192 and earlier versions,EVA-TL10C00B192 and earlier versions,EVA-CL10C00B192 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en" - }, - { - "name" : "93932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en" + }, + { + "name": "93932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93932" + } + ] + } +} \ No newline at end of file