From 0988b3f0c6203105519ab57c6893e21748bc1139 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:09:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0657.json | 190 ++++---- 2006/0xxx/CVE-2006-0938.json | 160 +++---- 2006/0xxx/CVE-2006-0946.json | 180 +++---- 2006/1xxx/CVE-2006-1510.json | 180 +++---- 2006/3xxx/CVE-2006-3949.json | 150 +++--- 2006/4xxx/CVE-2006-4091.json | 160 +++---- 2006/4xxx/CVE-2006-4278.json | 170 +++---- 2006/4xxx/CVE-2006-4302.json | 210 ++++----- 2006/4xxx/CVE-2006-4387.json | 180 +++---- 2010/2xxx/CVE-2010-2271.json | 130 ++--- 2010/2xxx/CVE-2010-2326.json | 170 +++---- 2010/2xxx/CVE-2010-2348.json | 150 +++--- 2010/2xxx/CVE-2010-2429.json | 150 +++--- 2010/2xxx/CVE-2010-2451.json | 200 ++++---- 2010/3xxx/CVE-2010-3281.json | 190 ++++---- 2010/3xxx/CVE-2010-3753.json | 170 +++---- 2010/3xxx/CVE-2010-3977.json | 160 +++---- 2010/4xxx/CVE-2010-4224.json | 34 +- 2010/4xxx/CVE-2010-4476.json | 890 +++++++++++++++++------------------ 2010/4xxx/CVE-2010-4714.json | 150 +++--- 2011/1xxx/CVE-2011-1730.json | 200 ++++---- 2011/1xxx/CVE-2011-1773.json | 160 +++---- 2011/5xxx/CVE-2011-5324.json | 150 +++--- 2014/3xxx/CVE-2014-3074.json | 260 +++++----- 2014/3xxx/CVE-2014-3364.json | 130 ++--- 2014/3xxx/CVE-2014-3836.json | 120 ++--- 2014/3xxx/CVE-2014-3989.json | 34 +- 2014/7xxx/CVE-2014-7336.json | 140 +++--- 2014/7xxx/CVE-2014-7481.json | 140 +++--- 2014/8xxx/CVE-2014-8297.json | 34 +- 2014/8xxx/CVE-2014-8306.json | 130 ++--- 2014/8xxx/CVE-2014-8414.json | 130 ++--- 2014/8xxx/CVE-2014-8533.json | 120 ++--- 2014/8xxx/CVE-2014-8630.json | 180 +++---- 2014/8xxx/CVE-2014-8739.json | 34 +- 2014/9xxx/CVE-2014-9128.json | 34 +- 2014/9xxx/CVE-2014-9137.json | 120 ++--- 2014/9xxx/CVE-2014-9171.json | 34 +- 2016/2xxx/CVE-2016-2216.json | 190 ++++---- 2016/2xxx/CVE-2016-2423.json | 130 ++--- 2016/2xxx/CVE-2016-2466.json | 120 ++--- 2016/2xxx/CVE-2016-2863.json | 150 +++--- 2016/6xxx/CVE-2016-6040.json | 226 ++++----- 2016/6xxx/CVE-2016-6285.json | 160 +++---- 2016/6xxx/CVE-2016-6420.json | 
140 +++--- 2016/6xxx/CVE-2016-6592.json | 34 +- 2016/6xxx/CVE-2016-6634.json | 160 +++---- 2016/7xxx/CVE-2016-7176.json | 170 +++---- 2016/7xxx/CVE-2016-7355.json | 34 +- 2016/7xxx/CVE-2016-7911.json | 160 +++---- 2016/7xxx/CVE-2016-7937.json | 170 +++---- 2017/5xxx/CVE-2017-5143.json | 130 ++--- 2017/5xxx/CVE-2017-5426.json | 184 ++++---- 53 files changed, 4141 insertions(+), 4141 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0657.json b/2006/0xxx/CVE-2006-0657.json
index 6e021211d45..55ec382912f 100644
--- a/2006/0xxx/CVE-2006-0657.json
+++ b/2006/0xxx/CVE-2006-0657.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://evuln.com/vulns/63/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/63/summary.html" - }, - { - "name" : "16588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16588" - }, - { - "name" : "ADV-2006-0507", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0507" - }, - { - "name" : "23071", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23071" - }, - { - "name" : "23072", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/23072" - }, - { - "name" : "18792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18792" - }, - { - "name" : "442", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/442" - }, - { - "name" : "phpeventcalendar-users-xss(24523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23071", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23071" + }, + { + "name": "http://evuln.com/vulns/63/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/63/summary.html" + }, + { + "name": "18792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18792" + }, + { + "name": "ADV-2006-0507", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0507" + }, + { + "name": "23072", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23072" + }, + { + "name": "442", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/442" + }, + { + "name": "16588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16588" + }, + { + "name": "phpeventcalendar-users-xss(24523)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24523" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0938.json b/2006/0xxx/CVE-2006-0938.json index fa15cf81637..1846d77e43f 100644 --- a/2006/0xxx/CVE-2006-0938.json +++ b/2006/0xxx/CVE-2006-0938.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060225 Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSSvulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426076/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=16", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=16" - }, - { - "name" : "16817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16817" - }, - { - "name" : "1015683", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015683" - }, - { - "name" : "ezpublish-referrerurl-xss(24956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nukedx.com/?viewdoc=16", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=16" + }, + { + "name": "16817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16817" + }, + { + "name": "ezpublish-referrerurl-xss(24956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24956" + }, + { + "name": "20060225 Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSSvulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426076/100/0/threaded" + }, + { + "name": "1015683", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015683" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0946.json b/2006/0xxx/CVE-2006-0946.json index 87e8779184e..467fa61bf6f 100644 --- a/2006/0xxx/CVE-2006-0946.json +++ b/2006/0xxx/CVE-2006-0946.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060226 Thomson SpeedTouch 500 modems vulnerable to XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426186" - }, - { - "name" : "16839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16839" - }, - { - "name" : "ADV-2006-0765", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0765" - }, - { - "name" : "23527", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23527" - }, - { - "name" : "1015688", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015688" - }, - { - "name" : "19069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19069" - }, - { - "name" : 
"speedtouch-localnetwork-xss(24977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015688", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015688" + }, + { + "name": "16839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16839" + }, + { + "name": "ADV-2006-0765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0765" + }, + { + "name": "20060226 Thomson SpeedTouch 500 modems vulnerable to XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426186" + }, + { + "name": "23527", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23527" + }, + { + "name": "19069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19069" + }, + { + "name": "speedtouch-localnetwork-xss(24977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24977" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1510.json b/2006/1xxx/CVE-2006-1510.json index 4075971ff2d..e08c336714b 100644 --- a/2006/1xxx/CVE-2006-1510.json +++ b/2006/1xxx/CVE-2006-1510.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060327 Buffer OverFlow in ILASM and ILDASM", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html" - }, - { - "name" : "http://owasp.net/forums/234/showpost.aspx", - "refsource" : "MISC", - "url" : "http://owasp.net/forums/234/showpost.aspx" - }, - { - "name" : "http://owasp.net/forums/257/showpost.aspx", - "refsource" : "MISC", - "url" : "http://owasp.net/forums/257/showpost.aspx" - }, - { - "name" : "17243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17243" - }, - { - "name" : "ADV-2006-1113", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1113" - }, - { - "name" : "19406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19406" - }, - { - "name" : "ms-dotnet-ildasm-bo(25439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17243" + }, + { + "name": "19406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19406" + }, + { + "name": "20060327 Buffer OverFlow in ILASM and ILDASM", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html" + }, + { + "name": "http://owasp.net/forums/257/showpost.aspx", + "refsource": "MISC", + "url": "http://owasp.net/forums/257/showpost.aspx" + }, + { + "name": "ADV-2006-1113", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1113" + }, + { + "name": "http://owasp.net/forums/234/showpost.aspx", + "refsource": "MISC", + "url": "http://owasp.net/forums/234/showpost.aspx" + }, + { + "name": "ms-dotnet-ildasm-bo(25439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25439" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3949.json b/2006/3xxx/CVE-2006-3949.json index 29be9f6fe1b..5f31c326afc 100644 
--- a/2006/3xxx/CVE-2006-3949.json
+++ b/2006/3xxx/CVE-2006-3949.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060729 artlinks Mambo Component <= Remote Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441541/100/0/threaded" - }, - { - "name" : "19223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19223" - }, - { - "name" : "1318", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1318" - }, - { - "name" : "artlinks-dispnew-file-include(28075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1318", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1318" + }, + { + "name": "artlinks-dispnew-file-include(28075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28075" + }, + { + "name": "19223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19223" + }, + { + "name": "20060729 artlinks Mambo Component <= Remote Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441541/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4091.json b/2006/4xxx/CVE-2006-4091.json index 6316a6b9cda..da470b66c2f 100644 --- a/2006/4xxx/CVE-2006-4091.json +++ b/2006/4xxx/CVE-2006-4091.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060808 Archangel Weblog 0.90.02 and prior Multiple HTML injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442580/100/0/threaded" - }, - { - "name" : "19432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19432" - }, - { - "name" : "1016670", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016670" - }, - { - "name" : "1360", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1360" - }, - { - "name" : "archangel-name-comment-xss(28287)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060808 Archangel Weblog 0.90.02 and prior Multiple HTML injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442580/100/0/threaded" + }, + { + "name": "1016670", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016670" + }, + { + "name": "19432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19432" + }, + { + "name": "archangel-name-comment-xss(28287)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28287" + }, + { + "name": "1360", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1360" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4278.json b/2006/4xxx/CVE-2006-4278.json index 70b00af7727..a6d951869e1 100644 --- a/2006/4xxx/CVE-2006-4278.json +++ b/2006/4xxx/CVE-2006-4278.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2227", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2227" - }, - { - "name" : "19610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19610" - }, - { - "name" : "ADV-2006-3337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3337" - }, - { - "name" : "28038", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28038" - }, - { - "name" : "21594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21594" - }, - { - "name" : "sportsphool-footer-file-include(28473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sportsphool-footer-file-include(28473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28473" + }, + { + "name": "2227", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2227" + }, + { + "name": "19610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19610" + }, + { + "name": "28038", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28038" + }, + { + "name": "21594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21594" + }, + { + "name": "ADV-2006-3337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3337" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4302.json b/2006/4xxx/CVE-2006-4302.json index faa1cea091d..aa508e86945 100644 --- a/2006/4xxx/CVE-2006-4302.json +++ b/2006/4xxx/CVE-2006-4302.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041126 Java version downgrading proof-of-concept", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/382413" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "102557", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1" - }, - { - "name" : "11757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11757" - }, - { - "name" : "8879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8879" - }, - { - "name" : 
"ADV-2006-3354", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3354" - }, - { - "name" : "28109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28109" - }, - { - "name" : "1016732", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016732" - }, - { - "name" : "1016733", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016733" - }, - { - "name" : "21570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102557", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1" + }, + { + "name": "8879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8879" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "28109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28109" + }, + { + "name": "20041126 Java version downgrading proof-of-concept", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/382413" + }, + { + "name": "1016732", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016732" + }, + { + "name": "1016733", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016733" + }, + { + "name": "11757", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/11757" + }, + { + "name": "ADV-2006-3354", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3354" + }, + { + "name": "21570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21570" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4387.json b/2006/4xxx/CVE-2006-4387.json index a4a24307e91..3788650e971 100644 --- a/2006/4xxx/CVE-2006-4387.json +++ b/2006/4xxx/CVE-2006-4387.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the \"Allow user to administer this computer\" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-09-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" - }, - { - "name" : "20271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20271" - }, - { - "name" : "ADV-2006-3852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3852" - }, - { - "name" : "29273", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29273" - }, - { - "name" : "1016955", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016955" - }, - { - "name" : "22187", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22187" - }, - { - "name" : "macos-webobjects-incorrect-privileges(29296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the \"Allow user to administer this computer\" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016955", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016955" + }, + { + "name": "20271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20271" + }, + { + "name": "22187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22187" + }, + { + "name": "ADV-2006-3852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3852" + }, + { + "name": "APPLE-SA-2006-09-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" + }, + { + "name": "macos-webobjects-incorrect-privileges(29296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29296" + }, + { + "name": "29273", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29273" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2271.json b/2010/2xxx/CVE-2010-2271.json index ebf2e3ef821..29bc8601340 100644 --- a/2010/2xxx/CVE-2010-2271.json +++ b/2010/2xxx/CVE-2010-2271.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", - "refsource" : "MISC", - "url" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf" - }, - { - "name" : "VU#245081", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/245081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", + "refsource": "MISC", + "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf" + }, + { + "name": "VU#245081", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/245081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2326.json b/2010/2xxx/CVE-2010-2326.json index e8c84c22fc4..bd7fc11db81 100644 --- a/2010/2xxx/CVE-2010-2326.json +++ b/2010/2xxx/CVE-2010-2326.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM10684", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10684" - }, - { - "name" : "PM15830", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830" - }, - { - "name" : "40699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40699" - }, - { - "name" : "65438", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65438" - }, - { - "name" : "40096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40096" - }, - { - "name" : "ADV-2010-1411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1411" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1411" + }, + { + "name": "PM10684", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10684" + }, + { + "name": "65438", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65438" + }, + { + "name": "PM15830", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830" + }, + { + "name": "40096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40096" + }, + { + "name": "40699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40699" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2348.json b/2010/2xxx/CVE-2010-2348.json index 8f9a731b417..8e871e38dc1 100644 --- a/2010/2xxx/CVE-2010-2348.json +++ b/2010/2xxx/CVE-2010-2348.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13909", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13909" - }, - { - "name" : "40940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40940" - }, - { - "name" : "40254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40254" - }, - { - "name" : "bac-wav-bo(59526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in 
a .WAV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40254" + }, + { + "name": "40940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40940" + }, + { + "name": "bac-wav-bo(59526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59526" + }, + { + "name": "13909", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13909" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2429.json b/2010/2xxx/CVE-2010-2429.json index 22df5a01db3..4d10451a9bc 100644 --- a/2010/2xxx/CVE-2010-2429.json +++ b/2010/2xxx/CVE-2010-2429.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a \"404 Not Found\" response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAFHY", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAFHY" - }, - { - "name" : "65623", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65623" - }, - { - "name" : "40187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40187" - }, - { - "name" : "splunk-referrer-xss(59517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when 
Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a \"404 Not Found\" response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAFHY", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAFHY" + }, + { + "name": "40187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40187" + }, + { + "name": "65623", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65623" + }, + { + "name": "splunk-referrer-xss(59517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59517" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2451.json b/2010/2xxx/CVE-2010-2451.json index fd364f80b09..b5e9de1ef0a 100644 --- a/2010/2xxx/CVE-2010-2451.json +++ b/2010/2xxx/CVE-2010-2451.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[KVIrc] 20100517 Proposal for a stable release of kvirc4", - "refsource" : "MLIST", - "url" : "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html" - }, - { - "name" : "DSA-2065", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2065" - }, - { - "name" : "FEDORA-2010-10522", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html" - }, - { - "name" : "FEDORA-2010-10529", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "40746", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/40746" - }, - { - "name" : "40349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40349" - }, - { - "name" : "32410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32410" - }, - { - "name" : "ADV-2010-1602", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-10522", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html" + }, + { + "name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4", + "refsource": "MLIST", + "url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html" + }, + { + "name": "40746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40746" + }, + { + "name": "ADV-2010-1602", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1602" + }, + { + "name": "FEDORA-2010-10529", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html" + }, + { + "name": "DSA-2065", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2065" + }, + { + "name": "40349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40349" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "32410", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/32410" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3281.json b/2010/3xxx/CVE-2010-3281.json index 4ebb21d4c31..b774ec5e1b7 100644 --- a/2010/3xxx/CVE-2010-3281.json +++ b/2010/3xxx/CVE-2010-3281.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513866" - }, - { - "name" : "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513865" - }, - { - "name" : "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf", - "refsource" : "MISC", - "url" : "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf" - }, - { - "name" : "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf", 
- "refsource" : "CONFIRM", - "url" : "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf" - }, - { - "name" : "43338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43338" - }, - { - "name" : "41508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41508" - }, - { - "name" : "ADV-2010-2460", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2460" - }, - { - "name" : "omnivista-http-bo(61922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf", + "refsource": "MISC", + "url": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf" + }, + { + "name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513865" + }, + { + "name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513866" + }, + { + "name": "43338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43338" + }, + { + "name": "ADV-2010-2460", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2460" + }, + { + "name": "omnivista-http-bo(61922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61922" + }, + { + "name": "41508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41508" + }, + { + "name": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf", + "refsource": "CONFIRM", + "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3753.json b/2010/3xxx/CVE-2010-3753.json index 825fa93fb68..5cb533087c9 100644 --- a/2010/3xxx/CVE-2010-3753.json +++ b/2010/3xxx/CVE-2010-3753.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt" - }, - { - "name" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch", - "refsource" : "CONFIRM", - "url" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch" - }, - { - "name" : "RHSA-2010:0892", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0892.html" - }, - { - "name" : "43588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43588" - }, - { - "name" : 
"1024749", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024749" - }, - { - "name" : "ADV-2010-2526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2526" + }, + { + "name": "43588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43588" + }, + { + "name": "RHSA-2010:0892", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0892.html" + }, + { + "name": "1024749", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024749" + }, + { + "name": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch", + "refsource": "CONFIRM", + "url": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch" + }, + { + "name": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt", + "refsource": "CONFIRM", + "url": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3977.json b/2010/3xxx/CVE-2010-3977.json index 059d748ced6..86d31473207 100644 --- a/2010/3xxx/CVE-2010-3977.json +++ b/2010/3xxx/CVE-2010-3977.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101030 cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514579/100/0/threaded" - }, - { - "name" : "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", - "refsource" : "MISC", - "url" : "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/" - }, - { - "name" : "44587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44587" - }, - { - "name" : "42006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42006" - }, - { - "name" : "cforms-libajax-xss(62938)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44587" + }, + { + "name": "42006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42006" + }, + { + "name": "20101030 cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514579/100/0/threaded" + }, + { + "name": "cforms-libajax-xss(62938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938" + }, + { + "name": "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", + "refsource": "MISC", + "url": "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4224.json b/2010/4xxx/CVE-2010-4224.json index e851f5dee6f..5ce07709479 100644 --- a/2010/4xxx/CVE-2010-4224.json +++ b/2010/4xxx/CVE-2010-4224.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4224",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4224",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4476.json b/2010/4xxx/CVE-2010-4476.json
index 245630c50c4..4ab402aa09b 100644
--- a/2010/4xxx/CVE-2010-4476.json
+++ b/2010/4xxx/CVE-2010-4476.json
@@ -1,447 +1,447 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.fortify.com/blog/2011/02/08/Double-Trouble", - "refsource" : "MISC", - "url" : "http://blog.fortify.com/blog/2011/02/08/Double-Trouble" - }, - { - "name" : "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/", - "refsource" : "MISC", - "url" : "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" - }, - { - "name" : "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html", - "refsource" : "CONFIRM", - "url" : "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21468358", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21468358" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - }, - { - "name" : 
"http://www.ibm.com/support/docview.wss?uid=swg24029497", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029497" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029498", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029498" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" - }, - { - "name" : "IZ94423", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423" - }, - { - "name" : "PM31983", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983" - }, - { - "name" : "DSA-2161", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2161" - }, - { - "name" : "FEDORA-2011-1231", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html" - }, - { - "name" : "FEDORA-2011-1263", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBNS02633", - "refsource" : "HP", - "url" : "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475" - }, - { - "name" : "SSRT100390", - "refsource" : "HP", - "url" : "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475" - }, - { - "name" : 
"HPSBMA02642", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130514352726432&w=2" - }, - { - "name" : "HPSBMU02690", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131041767210772&w=2" - }, - { - "name" : "SSRT100415", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130514352726432&w=2" - }, - { - "name" : "SSRT100569", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131041767210772&w=2" - }, - { - "name" : "HPSBUX02641", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129960314701922&w=2" - }, - { - "name" : "SSRT100412", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129960314701922&w=2" - }, - { - "name" : "HPSBUX02725", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "SSRT100627", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBOV02634", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497132406206&w=2" - }, - { - "name" : "HPSBOV02762", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "HPSBTU02684", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497185606818&w=2" - }, - { - "name" : "HPSBUX02633", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129899347607632&w=2" - }, - { - "name" : "HPSBUX02642", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130270785502599&w=2" - }, - { - "name" : "HPSBUX02645", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130168502603566&w=2" - 
}, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100387", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129899347607632&w=2" - }, - { - "name" : "SSRT100825", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "MDVSA-2011:054", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054" - }, - { - "name" : "RHSA-2011:0210", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0210.html" - }, - { - "name" : "RHSA-2011:0211", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0211.html" - }, - { - "name" : "RHSA-2011:0212", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0212.html" - }, - { - "name" : "RHSA-2011:0213", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0213.html" - }, - { - "name" : "RHSA-2011:0214", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0214.html" - }, - { - "name" : "RHSA-2011:0282", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html" - }, - { - "name" : "RHSA-2011:0333", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0333.html" - }, - { - "name" : "RHSA-2011:0334", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0334.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "SUSE-SA:2011:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" - }, - { - "name" : "SUSE-SU-2011:0823", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" - }, - { - "name" : "oval:org.mitre.oval:def:12662", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662" - }, - { - "name" : "oval:org.mitre.oval:def:12745", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745" - }, - { - "name" : "oval:org.mitre.oval:def:14328", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328" - }, - { - "name" : "oval:org.mitre.oval:def:14589", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589" - }, - { - "name" : "oval:org.mitre.oval:def:19493", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493" - }, - { - "name" : "1025062", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025062" - }, - { - "name" : "43048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43048" - }, - { - "name" : "43280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43280" - }, - { - "name" : "43295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43295" - }, - { - "name" : "43304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43304" - }, - { - "name" : "43333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43333" - }, - { - "name" : "43378", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/43378" - }, - { - "name" : "43400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43400" - }, - { - "name" : "45555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45555" - }, - { - "name" : "43659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43659" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "45022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45022" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - }, - { - "name" : "ADV-2011-0365", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0365" - }, - { - "name" : "ADV-2011-0377", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0377" - }, - { - "name" : "ADV-2011-0379", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0379" - }, - { - "name" : "ADV-2011-0422", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0422" - }, - { - "name" : "ADV-2011-0434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0434" - }, - { - "name" : "ADV-2011-0605", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary 
floating-point number, as demonstrated using 2.2250738585072012e-308." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43295" + }, + { + "name": "1025062", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025062" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" + }, + { + "name": "43280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43280" + }, + { + "name": "RHSA-2011:0210", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0210.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "oval:org.mitre.oval:def:14328", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14328" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "FEDORA-2011-1231", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html" + }, + { + "name": "FEDORA-2011-1263", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html" + }, + { + "name": "SUSE-SU-2011:0823", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" + }, + { + "name": "HPSBNS02633", + "refsource": "HP", + "url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475" + }, + { + "name": "SSRT100387", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129899347607632&w=2" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "RHSA-2011:0214", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0214.html" + }, + { + "name": "PM31983", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983" + }, + { + "name": "45555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45555" + }, + { + "name": "IZ94423", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423" + }, + { + "name": "43400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43400" + }, + { + "name": "SSRT100412", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129960314701922&w=2" + }, + { + "name": "HPSBMA02642", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130514352726432&w=2" + }, + { + "name": "43378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43378" + }, + { + "name": "45022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45022" + }, + { + "name": "RHSA-2011:0333", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0333.html" + }, + { + "name": "ADV-2011-0422", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0422" + }, + { + "name": "oval:org.mitre.oval:def:12662", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" + }, + { + "name": "HPSBMU02690", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131041767210772&w=2" + }, + { + "name": "ADV-2011-0434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0434" + }, + { + "name": "HPSBUX02633", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129899347607632&w=2" + }, + { + "name": "HPSBOV02762", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "oval:org.mitre.oval:def:14589", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14589" + }, + { + "name": "HPSBUX02641", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129960314701922&w=2" + }, + { + "name": "RHSA-2011:0213", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0213.html" + }, + { + "name": "SSRT100627", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/", + "refsource": "MISC", + "url": "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/" + }, + { + "name": "ADV-2011-0377", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0377" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "HPSBOV02634", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497132406206&w=2" + }, + { + "name": "ADV-2011-0365", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0365" + }, + { + "name": "SSRT100415", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130514352726432&w=2" 
+ }, + { + "name": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html", + "refsource": "CONFIRM", + "url": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "oval:org.mitre.oval:def:12745", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12745" + }, + { + "name": "RHSA-2011:0334", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0334.html" + }, + { + "name": "RHSA-2011:0282", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21468358", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468358" + }, + { + "name": "43048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43048" + }, + { + "name": "DSA-2161", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2161" + }, + { + "name": "SSRT100825", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "ADV-2011-0379", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0379" + }, + { + "name": "43304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43304" + }, + { + "name": "RHSA-2011:0211", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0211.html" + }, + { + "name": "SSRT100390", + "refsource": "HP", + "url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/49198" + }, + { + "name": "43659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43659" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029498", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029498" + }, + { + "name": "HPSBUX02725", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "SUSE-SA:2011:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19493", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19493" + }, + { + "name": "43333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43333" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "SSRT100569", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131041767210772&w=2" + }, + { + "name": "HPSBUX02645", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130168502603566&w=2" + }, + { + "name": "RHSA-2011:0212", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0212.html" + }, + { + "name": "HPSBUX02642", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130270785502599&w=2" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": 
"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html" + }, + { + "name": "ADV-2011-0605", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0605" + }, + { + "name": "http://blog.fortify.com/blog/2011/02/08/Double-Trouble", + "refsource": "MISC", + "url": "http://blog.fortify.com/blog/2011/02/08/Double-Trouble" + }, + { + "name": "HPSBTU02684", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497185606818&w=2" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029497", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029497" + }, + { + "name": "MDVSA-2011:054", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4714.json b/2010/4xxx/CVE-2010-4714.json index ecf394d92e7..b9b630a4f71 100644 --- a/2010/4xxx/CVE-2010-4714.json +++ b/2010/4xxx/CVE-2010-4714.json 
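Review bot: The new side of the CVE-2010-4476 record changes `"ASSIGNER"` to `"secalert_us@oracle.com"` but still ships `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names Oracle Java SE and Java for Business with the affected update levels. Vulnerability-management tooling that matches assets on the `affects` block rather than parsing the free-text description will not associate this entry with those products, and `problemtype` is likewise left at `"n/a"` for what the description calls a denial of service. The CVE-2011-1730 hunk has the same gap after its ASSIGNER change to `"hp-security-alert@hp.com"`. The `reference_data` entries also appear to be the same set in a different order, which buries the one substantive field change in several hundred lines of churn; a stable ordering (for example by `refsource`, then `name`) would keep later syncs reviewable.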
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-247/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-247/" - }, - { - "name" : "http://www.facebook.com/note.php?note_id=477865030928", - "refsource" : "CONFIRM", - "url" : "http://www.facebook.com/note.php?note_id=477865030928" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=627942", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=627942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-247/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-247/" + }, + { + "name": "http://www.facebook.com/note.php?note_id=477865030928", + "refsource": "CONFIRM", + "url": "http://www.facebook.com/note.php?note_id=477865030928" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=627942", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=627942" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1730.json b/2011/1xxx/CVE-2011-1730.json index 8b04fe4b2c1..28b04c176e0 100644 --- a/2011/1xxx/CVE-2011-1730.json +++ b/2011/1xxx/CVE-2011-1730.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110429 ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517767/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-146/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-146/" - }, - { - "name" : "HPSBMA02668", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "SSRT100474", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : 
"47638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47638" - }, - { - "name" : "72189", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72189" - }, - { - "name" : "1025454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025454" - }, - { - "name" : "44402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44402" - }, - { - "name" : "hp-storage-data-code-exec(67203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47638" + }, + { + "name": "hp-storage-data-code-exec(67203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67203" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-146/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-146/" + }, + { + "name": "HPSBMA02668", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "SSRT100474", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "44402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44402" + }, + { + "name": "1025454", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1025454" + }, + { + "name": "72189", + "refsource": "OSVDB", + "url": "http://osvdb.org/72189" + }, + { + "name": "20110429 ZDI-11-146: HP Data Protector Backup Client Service EXEC_SCRIPT Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517767/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1773.json b/2011/1xxx/CVE-2011-1773.json index 9d7549664c1..8ff56e25158 100644 --- a/2011/1xxx/CVE-2011-1773.json +++ b/2011/1xxx/CVE-2011-1773.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=702754", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=702754" - }, - { - "name" : "https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1", - "refsource" : "CONFIRM", - "url" : "https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1" - }, - { - "name" : "RHSA-2011:1615", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1615.html" - }, - { - "name" : "77558", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77558" - }, - { - "name" : "47086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47086" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1", + "refsource": "CONFIRM", + "url": "https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1" + }, + { + "name": "RHSA-2011:1615", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1615.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=702754", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702754" + }, + { + "name": "47086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47086" + }, + { + "name": "77558", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77558" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5324.json b/2011/5xxx/CVE-2011-5324.json index ad38d6e6908..e6b36375a46 100644 --- a/2011/5xxx/CVE-2011-5324.json +++ b/2011/5xxx/CVE-2011-5324.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : 
"http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1" - }, - { - "name" : "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1" + }, + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1" + }, + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3074.json b/2014/3xxx/CVE-2014-3074.json index 97b434243c1..2a642231a8c 100644 --- a/2014/3xxx/CVE-2014-3074.json +++ b/2014/3xxx/CVE-2014-3074.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532689/100/0/threaded" - }, - { - "name" : "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/31" - }, - { - "name" : "http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc" - }, - { - "name" : "IV60935", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60935" - }, - { - "name" : "IV60940", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60940" - }, - { - "name" : "IV61311", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV61311" - }, - { - "name" : "IV61313", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV61313" - }, - { - "name" : "IV61314", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV61314" - }, - { - "name" : "IV61315", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV61315" - }, - { - "name" : "68296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68296" - }, - { - "name" : "1030504", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030504" - }, - { - "name" : "59344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59344" - }, - { - "name" : "ibm-aix-cve20143074-priv-escalation(93816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The runtime linker in IBM AIX 6.1 and 
7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68296" + }, + { + "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532689/100/0/threaded" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/" + }, + { + "name": "IV60940", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60940" + }, + { + "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/31" + }, + { + "name": "1030504", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030504" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc" + }, + { + "name": "IV61311", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61311" + }, + { + "name": "ibm-aix-cve20143074-priv-escalation(93816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93816" + }, + { + "name": 
"http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html" + }, + { + "name": "IV60935", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60935" + }, + { + "name": "IV61315", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61315" + }, + { + "name": "59344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59344" + }, + { + "name": "IV61313", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61313" + }, + { + "name": "IV61314", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61314" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3364.json b/2014/3xxx/CVE-2014-3364.json index 8e0ba647974..023fb154dfa 100644 --- a/2014/3xxx/CVE-2014-3364.json +++ b/2014/3xxx/CVE-2014-3364.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741" - }, - { - "name" : "20141212 Cisco Prime Security Manager Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in 
Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36741" + }, + { + "name": "20141212 Cisco Prime Security Manager Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3836.json b/2014/3xxx/CVE-2014-3836.json index 6a893b06130..b920753cbf4 100644 --- a/2014/3xxx/CVE-2014-3836.json +++ b/2014/3xxx/CVE-2014-3836.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oc-sa-2014-014/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oc-sa-2014-014/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3989.json b/2014/3xxx/CVE-2014-3989.json index 0ad086ab7ce..4dc1e61b76a 100644 --- a/2014/3xxx/CVE-2014-3989.json +++ b/2014/3xxx/CVE-2014-3989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7336.json b/2014/7xxx/CVE-2014-7336.json index 0c87aa3f3bf..71c7a425a85 100644 --- a/2014/7xxx/CVE-2014-7336.json +++ b/2014/7xxx/CVE-2014-7336.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application 1.28.44.441 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#331961", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/331961" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application 1.28.44.441 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#331961", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/331961" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7481.json b/2014/7xxx/CVE-2014-7481.json index a16ff672e01..a20c05c74ce 100644 --- a/2014/7xxx/CVE-2014-7481.json +++ b/2014/7xxx/CVE-2014-7481.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#892961", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/892961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ETG Hosting (aka com.etg.web.hosting) application 
2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#892961", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/892961" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8297.json b/2014/8xxx/CVE-2014-8297.json index 7783cd90eea..b1f6afb27a5 100644 --- a/2014/8xxx/CVE-2014-8297.json +++ b/2014/8xxx/CVE-2014-8297.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8306.json b/2014/8xxx/CVE-2014-8306.json index 4f9637391aa..54e35f84cae 100644 --- a/2014/8xxx/CVE-2014-8306.json +++ b/2014/8xxx/CVE-2014-8306.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/55" - }, - { - "name" : "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect", - "refsource" : "MISC", - "url" : "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect", + "refsource": "MISC", + "url": "http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect" + }, + { + "name": "20140916 [Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities - SQL Injection, XSS Reflected, Open Redirect", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/55" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8414.json b/2014/8xxx/CVE-2014-8414.json index 105e16272f0..20fdfcac97f 100644 --- a/2014/8xxx/CVE-2014-8414.json +++ b/2014/8xxx/CVE-2014-8414.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/67" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2014-014.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2014-014.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 
before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.asterisk.org/pub/security/AST-2014-014.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2014-014.html" + }, + { + "name": "20141121 AST-2014-014: High call load may result in hung channels in ConfBridge.", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/67" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8533.json b/2014/8xxx/CVE-2014-8533.json index 25e1a82a707..0f1f9cb24ff 100644 --- a/2014/8xxx/CVE-2014-8533.json +++ b/2014/8xxx/CVE-2014-8533.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8630.json b/2014/8xxx/CVE-2014-8630.json index 5a2df54042f..d028957cd75 100644 --- a/2014/8xxx/CVE-2014-8630.json +++ b/2014/8xxx/CVE-2014-8630.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-8630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/4.0.15/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/4.0.15/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079065", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079065" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0048.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0048.html" - }, - { - "name" : "FEDORA-2015-1699", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149925.html" - }, - { - "name" : "FEDORA-2015-1713", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149921.html" - }, - { - "name" : "GLSA-201607-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-11" - }, - { - "name" : "MDVSA-2015:030", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://advisories.mageia.org/MGASA-2015-0048.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0048.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079065", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079065" + }, + { + "name": "FEDORA-2015-1713", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149921.html" + }, + { + "name": "FEDORA-2015-1699", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149925.html" + }, + { + "name": "MDVSA-2015:030", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:030" + }, + { + "name": "GLSA-201607-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-11" + }, + { + "name": "http://www.bugzilla.org/security/4.0.15/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/4.0.15/" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8739.json b/2014/8xxx/CVE-2014-8739.json index 55e90b9c7d1..5a15dd3e255 100644 --- a/2014/8xxx/CVE-2014-8739.json +++ b/2014/8xxx/CVE-2014-8739.json 
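Review bot: The `ASSIGNER` change from `cve@mitre.org` to `security@mozilla.org` in `CVE_data_meta` is the only semantic edit in the CVE-2014-8630 hunk, and it is buried in a whole-file whitespace and reference-order rewrite where it is easy to miss. The same pattern recurs in the CVE-2016-2423 and CVE-2016-2466 hunks (`security@android.com`) and the CVE-2016-2863 hunk (`psirt@us.ibm.com`). Consumers may rely on `ASSIGNER` to attribute a record to its CNA, so I would land these attribution changes separately from the formatting normalisation, or at least name them in the commit message instead of `-Synchronized-Data.`. In all four records `vendor_name`, `product_name` and `version_value` remain `"n/a"` even though the description names the product and the affected versions, so tooling that matches on `affects` still finds nothing for them.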
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9128.json b/2014/9xxx/CVE-2014-9128.json index 1ef5e6abdbc..ec93c4af9e1 100644 --- a/2014/9xxx/CVE-2014-9128.json +++ b/2014/9xxx/CVE-2014-9128.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9128", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9128", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9137.json b/2014/9xxx/CVE-2014-9137.json index 48d35ac5a63..7f26b4927da 100644 --- a/2014/9xxx/CVE-2014-9137.json +++ b/2014/9xxx/CVE-2014-9137.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2014-9137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,", - "version" : { - "version_data" : [ - { - "version_value" : "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900," - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CSRF" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2014-9137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,", + "version": { + "version_data": [ + { + "version_value": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900," + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/hw-372186", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/hw-372186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9171.json b/2014/9xxx/CVE-2014-9171.json index a548c074e60..0dc874edbb7 100644 --- a/2014/9xxx/CVE-2014-9171.json +++ b/2014/9xxx/CVE-2014-9171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9171", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9171", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2216.json b/2016/2xxx/CVE-2016-2216.json index 0d9b2841b76..f29d8a76bf7 100644 --- a/2016/2xxx/CVE-2016-2216.json +++ b/2016/2xxx/CVE-2016-2216.json 
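Review bot: `"vendor_name": "n/a"` in the CVE-2014-9137 record contradicts the rest of it: the ASSIGNER is `psirt@huawei.com` and the description opens with "Huawei USG9500", so the field should name the vendor, e.g. `"vendor_name": "Huawei"`. `product_name` and `version_value` both hold the same comma-joined list of models and firmware versions, ending in a trailing comma, which cannot be matched against an asset inventory. As a follow-up, one `product_data` entry per model with its versions in `version_data` would make the record usable for automated matching. The list also names USG5500, which the description does not mention, so that should be confirmed against the advisory before restructuring.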
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/", - "refsource" : "MISC", - "url" : "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/" - }, - { - "name" : "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf", - "refsource" : "MISC", - "url" : "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf" - }, - { - "name" : "http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html" - }, - { - "name" : "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/" - }, - { - "name" : "FEDORA-2016-3102c11757", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html" - }, - { - "name" : "FEDORA-2016-8925b6119f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html" - }, - { - "name" : "GLSA-201612-43", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-43" - }, - { - "name" : "83141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/", + "refsource": "MISC", + "url": "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/" + }, + { + "name": "http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html" + }, + { + "name": "FEDORA-2016-8925b6119f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html" + }, + { + "name": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/" + }, + { + "name": "83141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83141" + }, + { + "name": "FEDORA-2016-3102c11757", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html" + }, + { + "name": "GLSA-201612-43", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-43" + }, + { + "name": "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf", + "refsource": "MISC", + "url": "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2423.json b/2016/2xxx/CVE-2016-2423.json index a6d226b6361..cafaae44781 100644 --- a/2016/2xxx/CVE-2016-2423.json +++ b/2016/2xxx/CVE-2016-2423.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + }, + { + "name": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2466.json b/2016/2xxx/CVE-2016-2466.json index 35205715375..c8f0b861acb 100644 --- a/2016/2xxx/CVE-2016-2466.json +++ b/2016/2xxx/CVE-2016-2466.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2863.json b/2016/2xxx/CVE-2016-2863.json index fb0eadf1864..0c3cb6f128d 100644 --- a/2016/2xxx/CVE-2016-2863.json +++ b/2016/2xxx/CVE-2016-2863.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983626", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983626" - }, - { - "name" : "JR55776", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776" - }, - { - "name" : "91544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91544" - }, - { - "name" : "1036219", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91544" + }, + { + "name": "JR55776", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776" + }, + { + "name": "1036219", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036219" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6040.json b/2016/6xxx/CVE-2016-6040.json index f2aadf0755a..38adae5c1b2 100644 --- a/2016/6xxx/CVE-2016-6040.json +++ b/2016/6xxx/CVE-2016-6040.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.1.6" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.1.6" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg21996097", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg21996097" - }, - { - "name" : "95115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95115" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6285.json b/2016/6xxx/CVE-2016-6285.json index 62d064500f4..0aef1ed87b6 100644 --- a/2016/6xxx/CVE-2016-6285.json +++ b/2016/6xxx/CVE-2016-6285.json 
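Review bot: The `affects` block and the description disagree on the product: `"product_name": "Rational Collaborative Lifecycle Management"` versus "IBM Jazz Foundation" in the description. The description gives no version range, while `version_data` lists seventeen discrete values in no particular order (`3.0.1`, `4.0`, `3.0.1.6`, …), so a consumer cannot tell whether releases between the listed ones are affected. The `problemtype` value `"Bypass Security"` is too generic to triage on. The description (session expiration not being enforced) reads like CWE-613, Insufficient Session Expiration, which could be stated there if the CNA agrees.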
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170117 Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jan/41" - }, - { - "name" : "http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html" - }, - { - "name" : "https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2", - "refsource" : "CONFIRM", - "url" : 
"https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2" - }, - { - "name" : "https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777" - }, - { - "name" : "95913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170117 Reflected Cross-Site Scripting (XSS) in Atlassian Jira Software", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Jan/41" + }, + { + "name": "95913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95913" + }, + { + "name": "https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777" + }, + { + "name": "https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2" + }, + { + "name": 
"http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6420.json b/2016/6xxx/CVE-2016-6420.json index 3eb69c61727..13f22157124 100644 --- a/2016/6xxx/CVE-2016-6420.json +++ b/2016/6xxx/CVE-2016-6420.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1" - }, - { - "name" : "93204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93204" - }, - { - "name" : "1036919", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote 
authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036919", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036919" + }, + { + "name": "93204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93204" + }, + { + "name": "20160928 Cisco Firepower Management Center Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6592.json b/2016/6xxx/CVE-2016-6592.json index fe2c8a2e65b..0183e1bfae6 100644 --- a/2016/6xxx/CVE-2016-6592.json +++ b/2016/6xxx/CVE-2016-6592.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6634.json b/2016/6xxx/CVE-2016-6634.json index 39ef484c85d..0f050d0fbef 100644 --- a/2016/6xxx/CVE-2016-6634.json +++ b/2016/6xxx/CVE-2016-6634.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://core.trac.wordpress.org/query?status=closed&milestone=4.5", - "refsource" : "MISC", - "url" : "https://core.trac.wordpress.org/query?status=closed&milestone=4.5" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8474", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8474" - }, - { - "name" : "http://codex.wordpress.org/Version_4.5", - "refsource" : "CONFIRM", - "url" : "http://codex.wordpress.org/Version_4.5" - }, - { - "name" : "DSA-3681", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3681" - }, - { - "name" : "92390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92390" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8474", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8474" + }, + { + "name": "http://codex.wordpress.org/Version_4.5", + "refsource": "CONFIRM", + "url": "http://codex.wordpress.org/Version_4.5" + }, + { + "name": "DSA-3681", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3681" + }, + { + "name": "https://core.trac.wordpress.org/query?status=closed&milestone=4.5", + "refsource": "MISC", + "url": "https://core.trac.wordpress.org/query?status=closed&milestone=4.5" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7176.json b/2016/7xxx/CVE-2016-7176.json index 8d6bc36f3ac..41006e3a57e 100644 --- a/2016/7xxx/CVE-2016-7176.json +++ b/2016/7xxx/CVE-2016-7176.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700" - }, - { - "name" : "https://code.wireshark.org/review/16852", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/16852" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2016-51.html", - 
"refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2016-51.html" - }, - { - "name" : "DSA-3671", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3671" - }, - { - "name" : "1036760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/16852", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/16852" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-51.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-51.html" + }, + { + "name": "1036760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036760" + }, + { + "name": "DSA-3671", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3671" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7355.json b/2016/7xxx/CVE-2016-7355.json index b6b25350649..4619c4ead66 100644 --- a/2016/7xxx/CVE-2016-7355.json +++ b/2016/7xxx/CVE-2016-7355.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7355", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7355", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7911.json b/2016/7xxx/CVE-2016-7911.json index d0094418851..5647c83d8f2 100644 --- a/2016/7xxx/CVE-2016-7911.json +++ b/2016/7xxx/CVE-2016-7911.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-7911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4" - }, - { - "name" : "94135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4" + }, + { + "name": "94135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94135" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7937.json b/2016/7xxx/CVE-2016-7937.json index cde72c88ad3..9229403a07a 100644 
--- a/2016/7xxx/CVE-2016-7937.json +++ b/2016/7xxx/CVE-2016-7937.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5143.json b/2017/5xxx/CVE-2017-5143.json index 76b98e3ef70..31ce2cbd99e 100644 --- a/2017/5xxx/CVE-2017-5143.json +++ b/2017/5xxx/CVE-2017-5143.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Honeywell XL Web II Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Honeywell XL Web II Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Honeywell XL Web II Controller directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Honeywell XL Web II Controller", + "version": { + "version_data": [ + { + "version_value": "Honeywell XL Web II Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01" - }, - { - "name" : "95971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and 
XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Honeywell XL Web II Controller directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95971" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5426.json b/2017/5xxx/CVE-2017-5426.json index 5124ac9c348..1ddc882e5b3 100644 --- a/2017/5xxx/CVE-2017-5426.json +++ b/2017/5xxx/CVE-2017-5426.json 
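Review bot: `"version_value": "Honeywell XL Web II Controller"` repeats the product name instead of a version, and `"vendor_name"` is `"n/a"`, so the structured `affects` data in this record cannot be used for version matching. The description does give the affected builds (XL1000C500 XLWebExe-2-01-00 and prior, XLWeb 500 XLWebExe-1-02-08 and prior); they belong in `version_data`, with `"vendor_name": "Honeywell"`. The `problemtype` text also restates the product name. The description (directory traversal without authentication) reads like CWE-22, which could be stated there if the CNA agrees.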
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1257361", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1257361" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "96694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96694" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. 
Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96694" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257361", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257361" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + } + ] + } +} \ No newline at end of file