From 0d21a13a7e5784d239b7ae6f028221a075eb87bc Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 22:28:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0129.json | 160 ++++++------ 2006/0xxx/CVE-2006-0588.json | 150 +++++------ 2006/0xxx/CVE-2006-0725.json | 190 +++++++------- 2006/0xxx/CVE-2006-0759.json | 190 +++++++------- 2006/0xxx/CVE-2006-0994.json | 200 +++++++------- 2006/1xxx/CVE-2006-1534.json | 210 +++++++-------- 2006/1xxx/CVE-2006-1548.json | 210 +++++++-------- 2006/1xxx/CVE-2006-1595.json | 200 +++++++------- 2006/1xxx/CVE-2006-1835.json | 180 ++++++------- 2006/1xxx/CVE-2006-1936.json | 350 ++++++++++++------------- 2006/5xxx/CVE-2006-5108.json | 240 ++++++++--------- 2006/5xxx/CVE-2006-5114.json | 170 ++++++------ 2006/5xxx/CVE-2006-5129.json | 150 +++++------ 2007/2xxx/CVE-2007-2242.json | 490 +++++++++++++++++------------------ 2010/0xxx/CVE-2010-0416.json | 170 ++++++------ 2010/0xxx/CVE-2010-0674.json | 140 +++++----- 2010/0xxx/CVE-2010-0844.json | 440 +++++++++++++++---------------- 2010/1xxx/CVE-2010-1899.json | 130 +++++----- 2010/3xxx/CVE-2010-3700.json | 170 ++++++------ 2010/3xxx/CVE-2010-3775.json | 320 +++++++++++------------ 2010/3xxx/CVE-2010-3784.json | 140 +++++----- 2010/3xxx/CVE-2010-3979.json | 120 ++++----- 2010/4xxx/CVE-2010-4213.json | 140 +++++----- 2010/4xxx/CVE-2010-4332.json | 150 +++++------ 2010/4xxx/CVE-2010-4521.json | 170 ++++++------ 2010/4xxx/CVE-2010-4564.json | 34 +-- 2010/4xxx/CVE-2010-4743.json | 190 +++++++------- 2014/0xxx/CVE-2014-0170.json | 160 ++++++------ 2014/4xxx/CVE-2014-4055.json | 160 ++++++------ 2014/4xxx/CVE-2014-4057.json | 160 ++++++------ 2014/4xxx/CVE-2014-4790.json | 160 ++++++------ 2014/8xxx/CVE-2014-8050.json | 34 +-- 2014/8xxx/CVE-2014-8110.json | 160 ++++++------ 2014/8xxx/CVE-2014-8507.json | 160 ++++++------ 2014/8xxx/CVE-2014-8957.json | 140 +++++----- 2014/9xxx/CVE-2014-9127.json | 34 +-- 2014/9xxx/CVE-2014-9287.json | 34 +-- 2014/9xxx/CVE-2014-9342.json | 120 ++++----- 2014/9xxx/CVE-2014-9610.json | 130 +++++----- 
2016/2xxx/CVE-2016-2161.json | 252 +++++++++--------- 2016/2xxx/CVE-2016-2433.json | 130 +++++----- 2016/3xxx/CVE-2016-3465.json | 130 +++++----- 2016/3xxx/CVE-2016-3763.json | 130 +++++----- 2016/3xxx/CVE-2016-3817.json | 34 +-- 2016/3xxx/CVE-2016-3943.json | 140 +++++----- 2016/3xxx/CVE-2016-3983.json | 120 ++++----- 2016/3xxx/CVE-2016-3984.json | 160 ++++++------ 2016/6xxx/CVE-2016-6123.json | 178 ++++++------- 2016/6xxx/CVE-2016-6282.json | 34 +-- 2016/6xxx/CVE-2016-6357.json | 140 +++++----- 2016/6xxx/CVE-2016-6535.json | 130 +++++----- 2016/6xxx/CVE-2016-6786.json | 170 ++++++------ 2016/7xxx/CVE-2016-7108.json | 130 +++++----- 2016/7xxx/CVE-2016-7395.json | 160 ++++++------ 2016/7xxx/CVE-2016-7476.json | 140 +++++----- 2016/7xxx/CVE-2016-7588.json | 160 ++++++------ 2016/7xxx/CVE-2016-7617.json | 150 +++++------ 57 files changed, 4672 insertions(+), 4672 deletions(-) diff --git a/2006/0xxx/CVE-2006-0129.json b/2006/0xxx/CVE-2006-0129.json index a2b2f74435e..2d34f97dd4f 100644 --- a/2006/0xxx/CVE-2006-0129.json +++ b/2006/0xxx/CVE-2006-0129.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060104 Rockliffe Mailsite User Enumeration Flaw", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040970.html" - }, - { - "name" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt", - "refsource" : "MISC", - "url" : "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt" - }, - { - "name" : "ADV-2006-0055", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0055" - }, - { - "name" : "22230", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22230" - }, - { - "name" : "18318", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt", + "refsource": "MISC", + "url": "http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt" + }, + { + "name": "ADV-2006-0055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0055" + }, + { + "name": "18318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18318" + }, + { + "name": "22230", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22230" + }, + { + "name": "20060104 Rockliffe Mailsite User Enumeration Flaw", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040970.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0588.json b/2006/0xxx/CVE-2006-0588.json index e30b09b16ba..9c9e962df4e 100644 --- a/2006/0xxx/CVE-2006-0588.json +++ b/2006/0xxx/CVE-2006-0588.json 
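Review bot: The new side of this record ends with `\ No newline at end of file` and lists the same five `reference_data` entries in a different order, so all 82 lines are rewritten although no value in the record appears to change. The order on the new side follows no visible key (MISC, VUPEN, SECUNIA, OSVDB, FULLDISC), which suggests the serializer does not emit references deterministically. Writing the records with a stable reference order and a trailing newline would keep later synchronization diffs limited to real content changes, which is what a consumer auditing this data needs to see. The other file sections visible in this patch (CVE-2006-0588, CVE-2006-0725, CVE-2006-0759, CVE-2006-0994, CVE-2006-1534, CVE-2006-1548) show the same pattern.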
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423950/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-249.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-249.html" - }, - { - "name" : "413", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/413" - }, - { - "name" : "mytopix-search-sql-injection(24502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "413", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/413" + }, + { + "name": "20060204 [KAPDA::#26] - MyTopix Sql Injection & Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423950/100/0/threaded" + }, + { + "name": "http://kapda.ir/advisory-249.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-249.html" + }, + { + "name": "mytopix-search-sql-injection(24502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24502" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0725.json b/2006/0xxx/CVE-2006-0725.json index e5081faea22..8f2ce09ead9 100644 --- a/2006/0xxx/CVE-2006-0725.json +++ b/2006/0xxx/CVE-2006-0725.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File", - "refsource" : "CONFIRM", - "url" : "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File" - }, - { - "name" : "16662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16662" - }, - { - "name" : "ADV-2006-0599", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0599" - }, - { - "name" : "23204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23204" - }, - { - "name" : "18883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18883" - }, - { - 
"name" : "1015624", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015624" - }, - { - "name" : "plumecms-prepend-file-include(24697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697" - }, - { - "name" : "plumecms-frontinc-prepend-file-include(27699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015624", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015624" + }, + { + "name": "plumecms-prepend-file-include(24697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697" + }, + { + "name": "plumecms-frontinc-prepend-file-include(27699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699" + }, + { + "name": "18883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18883" + }, + { + "name": "ADV-2006-0599", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0599" + }, + { + "name": "23204", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23204" + }, + { + "name": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File", + "refsource": "CONFIRM", + "url": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File" + 
}, + { + "name": "16662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16662" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0759.json b/2006/0xxx/CVE-2006-0759.json index 39296976c5e..2ab2fa8f370 100644 --- a/2006/0xxx/CVE-2006-0759.json +++ b/2006/0xxx/CVE-2006-0759.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060210 HiveMail <= 1.3 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html" - }, - { - "name" : "http://forum.hivemail.com/showthread.php?p=26745", - "refsource" : "MISC", - "url" : "http://forum.hivemail.com/showthread.php?p=26745" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00098-02102006", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00098-02102006" - }, - { - "name" : "16591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16591" - }, - { - "name" : "ADV-2006-0527", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0527" - }, - { - "name" : "18807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18807" - }, - { - "name" : "422", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/422" - }, - { - "name" : "hivemail-index-sql-injection(24623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the 
messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.hivemail.com/showthread.php?p=26745", + "refsource": "MISC", + "url": "http://forum.hivemail.com/showthread.php?p=26745" + }, + { + "name": "16591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16591" + }, + { + "name": "422", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/422" + }, + { + "name": "ADV-2006-0527", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0527" + }, + { + "name": "20060210 HiveMail <= 1.3 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html" + }, + { + "name": "hivemail-index-sql-injection(24623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24623" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00098-02102006", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00098-02102006" + }, + { + "name": "18807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18807" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0994.json b/2006/0xxx/CVE-2006-0994.json index 77d181d7637..ec5ce6668cb 100644 --- a/2006/0xxx/CVE-2006-0994.json 
+++ b/2006/0xxx/CVE-2006-0994.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with \"invalid folder count values,\" which leads to heap corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433272/100/0/threaded" - }, - { - "name" : "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045897.html" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html" - }, - { - "name" : "17876", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/17876" - }, - { - "name" : "ADV-2006-1730", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1730" - }, - { - "name" : "1016041", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016041" - }, - { - "name" : "20028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20028" - }, - { - "name" : "869", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/869" - }, - { - "name" : "sophos-cab-parsing-bo(26305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with \"invalid folder count values,\" which leads to heap corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-012.html" + }, + { + "name": "1016041", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016041" + }, + { + "name": "869", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/869" + }, + { + "name": "sophos-cab-parsing-bo(26305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26305" + }, + { + "name": "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045897.html" + }, + { + "name": "17876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17876" + }, + { + "name": "20060508 ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433272/100/0/threaded" + }, + { + "name": "20028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20028" + }, + { + "name": "ADV-2006-1730", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1730" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1534.json b/2006/1xxx/CVE-2006-1534.json index 5bf6221ef22..c7095f98232 100644 --- a/2006/1xxx/CVE-2006-1534.json +++ b/2006/1xxx/CVE-2006-1534.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060408 [eVuln] Null news SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430298/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/109/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/109/summary.html" - }, - { - "name" : "17300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17300" - }, - { - "name" : "ADV-2006-1151", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1151" - }, - { - "name" : "24240", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24240" - }, - { - "name" : "24241", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/24241" - }, - { - "name" : "24242", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24242" - }, - { - "name" : "19413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19413" - }, - { - "name" : "682", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/682" - }, - { - "name" : "nullnews-multiple-sql-injection(25502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24240", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24240" + }, + { + "name": "24241", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24241" + }, + { + "name": "19413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19413" + }, + { + "name": "http://evuln.com/vulns/109/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/109/summary.html" + }, + { + "name": "nullnews-multiple-sql-injection(25502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25502" + }, + { + "name": "20060408 [eVuln] Null news SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430298/100/0/threaded" + }, + { + "name": "24242", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24242" + }, + { + "name": "ADV-2006-1151", + "refsource": "VUPEN", + 
"url": "http://www.vupen.com/english/advisories/2006/1151" + }, + { + "name": "17300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17300" + }, + { + "name": "682", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/682" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1548.json b/2006/1xxx/CVE-2006-1548.json index bc7d20b03c8..7de98fcdeb3 100644 --- a/2006/1xxx/CVE-2006-1548.json +++ b/2006/1xxx/CVE-2006-1548.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html" - }, - { - "name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749", - "refsource" : "CONFIRM", - "url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749" - }, - { - "name" : "https://issues.apache.org/struts/browse/STR-2781", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/struts/browse/STR-2781" - }, - { - "name" : "SUSE-SR:2006:010", - "refsource" : "SUSE", - "url" : 
"http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" - }, - { - "name" : "17342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17342" - }, - { - "name" : "ADV-2006-1205", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1205" - }, - { - "name" : "1015856", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015856" - }, - { - "name" : "19493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19493" - }, - { - "name" : "20117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20117" - }, - { - "name" : "struts-lookupmap-xss(25614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "struts-lookupmap-xss(25614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25614" + }, + { + "name": "1015856", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015856" + }, + { + "name": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html" + }, + { + "name": "ADV-2006-1205", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1205" + }, + { + "name": "17342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17342" + }, + { + "name": "19493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19493" + }, + { + "name": "https://issues.apache.org/struts/browse/STR-2781", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/struts/browse/STR-2781" + }, + { + "name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749", + "refsource": "CONFIRM", + "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38749" + }, + { + "name": "SUSE-SR:2006:010", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" + }, + { + "name": "20117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20117" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1595.json b/2006/1xxx/CVE-2006-1595.json index 420b87bdd82..37f87a37b09 100644 --- a/2006/1xxx/CVE-2006-1595.json +++ b/2006/1xxx/CVE-2006-1595.json 
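Review bot: The new line `"ASSIGNER": "secalert@redhat.com"` replaces `"ASSIGNER" : "cve@mitre.org"` in `CVE_data_meta` for CVE-2006-1548, and the commit subject ("-Synchronized-Data.") does not mention it. From what is visible this is the only field value that changes in the section; the description is identical and the ten `reference_data` entries appear to be the same set in a different order. Because the assigner identifies which organization is responsible for the record, a change to it should be traceable, so it would help to state the reassignment in the commit message or land it separately from the formatting rewrite. Downstream tooling that keys on `ASSIGNER` should confirm the new value is intended before ingesting this revision.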
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via \"..\" sequences in the file parameter in a rqEditHtml command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1627", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1627" - }, - { - "name" : "http://retrogod.altervista.org/claroline_174_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/claroline_174_incl_xpl.html" - }, - { - "name" : "20060331 Re: [Full-disclosure] Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1905.html" - }, - { - "name" : "17344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17344" - }, - { - "name" : "ADV-2006-1187", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1187" - }, - { - "name" : "24285", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24285" - }, - { - "name" : "24284", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24284" - }, - { - "name" : "19461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19461" - }, - { - "name" : "claroline-rqmkhtml-xss(25562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via \"..\" sequences in the file parameter in a rqEditHtml command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17344" + }, + { + "name": "http://retrogod.altervista.org/claroline_174_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/claroline_174_incl_xpl.html" + }, + { + "name": "19461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19461" + }, + { + "name": "24284", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24284" + }, + { + "name": "20060331 Re: [Full-disclosure] Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1905.html" + }, + { + "name": "ADV-2006-1187", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1187" + }, + { + "name": "24285", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24285" + }, + { + "name": "1627", + 
"refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1627" + }, + { + "name": "claroline-rqmkhtml-xss(25562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25562" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1835.json b/2006/1xxx/CVE-2006-1835.json index 70e0694768d..8d1dccbcdd3 100644 --- a/2006/1xxx/CVE-2006-1835.json +++ b/2006/1xxx/CVE-2006-1835.json 
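Review bot: The `description_data` value kept on the new side of CVE-2006-1595.json contradicts itself: it opens with "Cross-site scripting (XSS) vulnerability" but describes reading arbitrary files via ".." sequences in the `file` parameter, which is path traversal. Consumers that derive a weakness class from the description text will triage this record as XSS, and `problemtype` offers no correction because it is still `"value": "n/a"`. If the listed references confirm the traversal reading, the value should begin `Directory traversal vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier`. The XF reference name `claroline-rqmkhtml-xss(25562)` suggests the label may come from upstream, so check the source advisory before editing.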
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060416 Calendarix \"yearcal.php\" XSS Attacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431122/100/0/threaded" - }, - { - "name" : "17562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17562" - }, - { - "name" : "ADV-2006-1376", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1376" - }, - { - "name" : "1015954", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015954" - }, - { - "name" : "19710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19710" - }, - { - "name" : "727", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/727" - }, - { - "name" : "calendarix-yearcal-xss(25874)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17562" + }, + { + "name": "19710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19710" + }, + { + "name": "727", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/727" + }, + { + "name": "20060416 Calendarix \"yearcal.php\" XSS Attacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431122/100/0/threaded" + }, + { + "name": "calendarix-yearcal-xss(25874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25874" + }, + { + "name": "1015954", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015954" + }, + { + "name": "ADV-2006-1376", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1376" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1936.json b/2006/1xxx/CVE-2006-1936.json index 4fb1df41850..6dd2337bf78 100644 --- a/2006/1xxx/CVE-2006-1936.json +++ b/2006/1xxx/CVE-2006-1936.json 
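Review bot: `reference_data` in CVE-2006-1835.json is reshuffled with no visible sort key (BUGTRAQ, BID, VUPEN, … becomes BID, SECUNIA, SREASON, …) and the file now ends with `\ No newline at end of file`, although no key or value in the record changes. The CVE-2006-1595, CVE-2006-5108, CVE-2006-5114 and CVE-2006-5129 hunks show the same pattern. An unstable reference order makes every sync rewrite whole files, which buries substantive edits such as the `ASSIGNER` change in the CVE-2006-1936 hunk. The exporter should emit references in a deterministic order, for example sorted by `refsource` then `name`, and end each file with a newline.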
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00023.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm" - }, - { - "name" : "DSA-1049", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1049" - }, - { - "name" : "FEDORA-2006-456", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html" - }, - { - "name" : "FEDORA-2006-461", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html" - }, - { - "name" : "GLSA-200604-17", - 
"refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml" - }, - { - "name" : "MDKSA-2006:077", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077" - }, - { - "name" : "RHSA-2006:0420", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0420.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "SUSE-SR:2006:010", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" - }, - { - "name" : "17682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17682" - }, - { - "name" : "oval:org.mitre.oval:def:10341", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10341" - }, - { - "name" : "ADV-2006-1501", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1501" - }, - { - "name" : "1015985", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015985" - }, - { - "name" : "19769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19769" - }, - { - "name" : "19805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19805" - }, - { - "name" : "19828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19828" - }, - { - "name" : "19839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19839" - }, - { - "name" : "19958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19958" - }, - { - "name" : "19962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19962" - }, - { - "name" : "20117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20117" - }, - { - "name" : "20944", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20944" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "ethereal-telnet-dissector-bo(26029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19828" + }, + { + "name": "19839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19839" + }, + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "FEDORA-2006-456", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html" + }, + { + "name": "MDKSA-2006:077", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:077" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00023.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00023.html" + }, + { + "name": "19769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19769" + }, + { + "name": "19962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19962" + }, + { + "name": "FEDORA-2006-461", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html" + }, + { + "name": "1015985", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015985" + }, + { + "name": 
"GLSA-200604-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml" + }, + { + "name": "ADV-2006-1501", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1501" + }, + { + "name": "DSA-1049", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1049" + }, + { + "name": "oval:org.mitre.oval:def:10341", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10341" + }, + { + "name": "19805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19805" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm" + }, + { + "name": "ethereal-telnet-dissector-bo(26029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26029" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "SUSE-SR:2006:010", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html" + }, + { + "name": "20117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20117" + }, + { + "name": "17682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17682" + }, + { + "name": "20944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20944" + }, + { + "name": "RHSA-2006:0420", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0420.html" + }, + { + "name": "19958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19958" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5108.json b/2006/5xxx/CVE-2006-5108.json index cf06579d2fd..22cd3603839 100644 --- a/2006/5xxx/CVE-2006-5108.json +++ b/2006/5xxx/CVE-2006-5108.json 
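Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in CVE-2006-1936.json, and the commit subject "-Synchronized-Data." gives no reason for it. It appears to be the only value that differs in this 177-line rewrite; the rest is key spacing and reference order. Downstream tooling that attributes, filters or routes records by assigner will see ownership of a 2006 entry change without any audit trail. The reassignment should land separately from the formatting pass, or at least be named in the commit message, so it can be reviewed on its own.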
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060926 CubeCart Multiple input Validation vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447009/100/0/threaded" - }, - { - "name" : "20215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20215" - }, - { - "name" : "ADV-2006-3818", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3818" - }, - { - "name" : "29246", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29246" - }, - { - "name" : "29247", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29247" - }, - { - "name" : "29248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29248" - }, - { - "name" : "29249", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29249" - }, - { - "name" : "29250", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29250" - }, - { - "name" : "29251", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29251" - }, - { - "name" : "29252", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29252" - }, - { - "name" : "22175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22175" - }, - { - "name" : "1662", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1662" - }, - { - "name" : "cubecart-multiple-scripts-xss(29177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29177" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29249", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29249" + }, + { + "name": "20060926 CubeCart Multiple input Validation vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded" + }, + { + "name": "20215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20215" + }, + { + "name": "ADV-2006-3818", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3818" + }, + { + "name": "cubecart-multiple-scripts-xss(29177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29177" + }, + { + "name": "29251", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29251" + }, + { + "name": "29248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29248" + }, + { + "name": "1662", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1662" + }, + { + "name": "29250", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29250" + }, + { + "name": "29246", + "refsource": "OSVDB", + "url": 
"http://www.osvdb.org/29246" + }, + { + "name": "29252", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29252" + }, + { + "name": "22175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22175" + }, + { + "name": "29247", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29247" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5114.json b/2006/5xxx/CVE-2006-5114.json index ab60ac1f272..be56763c1f1 100644 --- a/2006/5xxx/CVE-2006-5114.json +++ b/2006/5xxx/CVE-2006-5114.json 
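Review bot: The vector numbering in the CVE-2006-5108 description jumps from `(10) certain other parameters in admin/header.inc.php` straight to `(12) la_pow_by`, and the new side keeps the gap. Either an eleventh vector was dropped or the list is misnumbered, so anyone using this text to enumerate the affected parameters cannot tell whether the list is complete. Check it against the BUGTRAQ post `20060926 CubeCart Multiple input Validation vulnerabilities`. If nothing is missing, renumber the tail to `the (11) la_pow_by parameter in footer.inc.php; and the (12) site_name parameter and (13) certain other parameters in header.inc.php`.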
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060928 SAP Internet Transaction Server XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447262/100/0/threaded" - }, - { - "name" : "20244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20244" - }, - { - "name" : "ADV-2006-3894", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3894" - }, - { - "name" : "22171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22171" - }, - { - "name" : "1665", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1665" - }, - { - "name" : "sapits-login-xss(29245)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1665", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1665" + }, + { + "name": "20244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20244" + }, + { + "name": "20060928 SAP Internet Transaction Server XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447262/100/0/threaded" + }, + { + "name": "22171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22171" + }, + { + "name": "ADV-2006-3894", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3894" + }, + { + "name": "sapits-login-xss(29245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29245" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5129.json b/2006/5xxx/CVE-2006-5129.json index 369d9bad222..0d3d6e41941 100644 --- a/2006/5xxx/CVE-2006-5129.json +++ b/2006/5xxx/CVE-2006-5129.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060926 JAF CMS 4.0 RC1 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447081/100/0/threaded" - }, - { - "name" : "20225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20225" - }, - { - "name" : "22143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22143" - }, - { - "name" : "1674", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1674" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20225" + }, + { + "name": "1674", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1674" + }, + { + "name": "22143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22143" + }, + { + "name": "20060926 JAF CMS 4.0 RC1 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447081/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2242.json b/2007/2xxx/CVE-2007-2242.json index 9b578aa5f4c..da1d8ae5bfd 100644 --- a/2007/2xxx/CVE-2007-2242.json +++ b/2007/2xxx/CVE-2007-2242.json 
@@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070615 rPSA-2007-0124-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471457" - }, - { - "name" : "20070508 FLEA-2007-0016-1: kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467939/30/6690/threaded" - }, - { - "name" : "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf", - "refsource" : "MISC", - "url" : "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1310", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1310" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306375", - "refsource" : "CONFIRM", - "url" : 
"http://docs.info.apple.com/article.html?artnum=306375" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305712", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305712" - }, - { - "name" : "FreeBSD-SA-07:03.ipv6", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc" - }, - { - "name" : "MDKSA-2007:171", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171" - }, - { - "name" : "MDKSA-2007:196", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196" - }, - { - "name" : "MDKSA-2007:216", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216" - }, - { - "name" : "[3.9] 20070423 022: SECURITY FIX: April 23, 2007", - "refsource" : "OPENBSD", - "url" : "http://openbsd.org/errata39.html#022_route6" - }, - { - "name" : "[4.0] 20070423 012: SECURITY FIX: April 23, 2007", - "refsource" : "OPENBSD", - "url" : "http://openbsd.org/errata40.html#012_route6" - }, - { - "name" : "RHSA-2007:0347", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0347.html" - }, - { - "name" : "SUSE-SA:2007:051", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_51_kernel.html" - }, - { - "name" : "SUSE-SA:2008:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html" - }, - { - "name" : "USN-486-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-486-1" - }, - { - "name" : "USN-508-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-508-1" - }, - { - "name" : "VU#267289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/267289" - }, - { - "name" : "23615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23615" - }, - { - "name" : 
"oval:org.mitre.oval:def:9574", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574" - }, - { - "name" : "ADV-2007-1563", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1563" - }, - { - "name" : "ADV-2007-3050", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3050" - }, - { - "name" : "ADV-2007-2270", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2270" - }, - { - "name" : "1017949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017949" - }, - { - "name" : "24978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24978" - }, - { - "name" : "25033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25033" - }, - { - "name" : "25068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25068" - }, - { - "name" : "25083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25083" - }, - { - "name" : "25288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25288" - }, - { - "name" : "25691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25691" - }, - { - "name" : "25770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25770" - }, - { - "name" : "26133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26133" - }, - { - "name" : "26651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26651" - }, - { - "name" : "26703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26703" - }, - { - "name" : "26620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26620" - }, - { - "name" : "26664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26664" - }, - { - "name" : "28806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28806" - 
}, - { - "name" : "openbsd-ipv6-type0-dos(33851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-07:03.ipv6", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc" + }, + { + "name": "24978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24978" + }, + { + "name": "26703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26703" + }, + { + "name": "RHSA-2007:0347", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0347.html" + }, + { + "name": "25770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25770" + }, + { + "name": "26664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26664" + }, + { + "name": "SUSE-SA:2007:051", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html" + }, + { + "name": "20070508 FLEA-2007-0016-1: kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467939/30/6690/threaded" + }, + { + "name": "28806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28806" + }, + { + "name": "23615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23615" + }, + { + "name": "oval:org.mitre.oval:def:9574", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306375", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306375" + }, + { + "name": "26651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26651" + }, + { + "name": "[3.9] 20070423 022: SECURITY FIX: April 23, 2007", + "refsource": "OPENBSD", + "url": "http://openbsd.org/errata39.html#022_route6" + }, + { + "name": "MDKSA-2007:171", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171" + }, + { + "name": "MDKSA-2007:216", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216" + }, + { + "name": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf", + "refsource": "MISC", + "url": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf" + }, + { + "name": "1017949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017949" + }, + { + "name": "[4.0] 20070423 012: SECURITY FIX: April 23, 2007", + "refsource": "OPENBSD", + "url": "http://openbsd.org/errata40.html#012_route6" + }, + { + "name": "25288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25288" + }, + { + "name": "ADV-2007-1563", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1563" + }, + { + "name": "25083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25083" + }, + { + "name": "26620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26620" + }, + { + "name": "ADV-2007-2270", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2270" + }, + { + "name": "MDKSA-2007:196", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196" + }, + { + "name": "20070615 rPSA-2007-0124-1 kernel xen", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/471457" + }, + { + "name": "25068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25068" + }, + { + "name": "SUSE-SA:2008:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html" + }, + { + "name": "VU#267289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/267289" + }, + { + "name": "USN-486-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-486-1" + }, + { + "name": "USN-508-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-508-1" + }, + { + "name": "ADV-2007-3050", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3050" + }, + { + "name": "25691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25691" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1310", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1310" + }, + { + "name": "25033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25033" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305712", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305712" + }, + { + "name": "openbsd-ipv6-type0-dos(33851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33851" + }, + { + "name": "26133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26133" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0416.json b/2010/0xxx/CVE-2010-0416.json index d8421fe11e9..75c733a472c 100644 --- a/2010/0xxx/CVE-2010-0416.json +++ b/2010/0xxx/CVE-2010-0416.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1", - "refsource" : "MLIST", - "url" : "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=561856", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=561856" - }, - { - "name" : "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1", - "refsource" : "CONFIRM", - "url" : "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1" - }, - { 
- "name" : "RHSA-2010:0094", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0094.html" - }, - { - "name" : "oval:org.mitre.oval:def:10847", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847" - }, - { - "name" : "38450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0094", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" + }, + { + "name": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1", + "refsource": "CONFIRM", + "url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1" + }, + { + "name": "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1", + "refsource": "MLIST", + "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html" + }, + { + "name": "38450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38450" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561856", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856" + }, + { + "name": "oval:org.mitre.oval:def:10847", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0674.json b/2010/0xxx/CVE-2010-0674.json index c5e7c8b200f..65d1de2900c 100644 --- a/2010/0xxx/CVE-2010-0674.json +++ b/2010/0xxx/CVE-2010-0674.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt" - }, - { - "name" : "11434", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11434" - }, - { - "name" : "statcountex-stats-info-disclosure(56264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows 
remote attackers to download a database via a direct request for path/stats.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt" + }, + { + "name": "statcountex-stats-info-disclosure(56264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56264" + }, + { + "name": "11434", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11434" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0844.json b/2010/0xxx/CVE-2010-0844.json index c33b305caed..e40fe51197a 100644 --- a/2010/0xxx/CVE-2010-0844.json +++ b/2010/0xxx/CVE-2010-0844.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100405 ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510529/100/0/threaded" - }, - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-053", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-053" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" - }, - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4171" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02524", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "SSRT100089", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2" - }, - { - "name" : "RHSA-2010:0337", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html" - }, - { - "name" : "RHSA-2010:0338", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html" - }, - { - "name" : "RHSA-2010:0383", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0383.html" - }, - { - "name" : "RHSA-2010:0471", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0471.html" - }, - { - "name" : "RHSA-2010:0489", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0489.html" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : 
"oval:org.mitre.oval:def:14282", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14282" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "39659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39659" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "40211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40211" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43308" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - }, - { - "name" : "ADV-2010-1454", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1454" - }, - { - "name" : "ADV-2010-1523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1523" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "RHSA-2010:0383", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "20100405 ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510529/100/0/threaded" + }, + { + "name": "ADV-2010-1454", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1454" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-053", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-053" + }, + { + "name": "RHSA-2010:0338", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "43308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43308" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SSRT100089", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" + }, + { + "name": "HPSBUX02524", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "ADV-2010-1523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1523" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "39659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39659" + }, + { + "name": "RHSA-2010:0471", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "RHSA-2010:0337", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0337.html" + }, + { + "name": "RHSA-2010:0489", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0489.html" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "40211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40211" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4171" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + }, + { + "name": "oval:org.mitre.oval:def:14282", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14282" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1899.json b/2010/1xxx/CVE-2010-1899.json index 660a5acc699..f78977dadc9 100644 --- a/2010/1xxx/CVE-2010-1899.json +++ b/2010/1xxx/CVE-2010-1899.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka \"IIS Repeated Parameter Request Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065" - }, - { - "name" : "oval:org.mitre.oval:def:7127", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 
7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka \"IIS Repeated Parameter Request Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065" + }, + { + "name": "oval:org.mitre.oval:def:7127", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7127" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3700.json b/2010/3xxx/CVE-2010-3700.json index acc4aa2b645..30cbf296682 100644 --- a/2010/3xxx/CVE-2010-3700.json +++ b/2010/3xxx/CVE-2010-3700.json 
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3700",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2010-3700",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20101027 CVE-2010-3700: Spring Security bypass of security constraints",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
- },
- {
- "name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015",
- "refsource" : "MISC",
- "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
- },
- {
- "name" : "http://www.springsource.com/security/cve-2010-3700",
- "refsource" : "CONFIRM",
- "url" : "http://www.springsource.com/security/cve-2010-3700"
- },
- {
- "name" : "44496",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/44496"
- },
- {
- "name" : "68931",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/68931"
- },
- {
- "name" : "42024",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42024"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "44496",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/44496"
+ },
+ {
+ "name": "42024",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42024"
+ },
+ {
+ "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015",
+ "refsource": "MISC",
+ "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25015"
+ },
+ {
+ "name": "http://www.springsource.com/security/cve-2010-3700",
+ "refsource": "CONFIRM",
+ "url": "http://www.springsource.com/security/cve-2010-3700"
+ },
+ {
+ "name": "68931",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/68931"
+ },
+ {
+ "name": "20101027 CVE-2010-3700: Spring Security bypass of security constraints",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/514517/100/0/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3775.json b/2010/3xxx/CVE-2010-3775.json
index f45a4166783..6908f55fe27 100644
--- a/2010/3xxx/CVE-2010-3775.json
+++ b/2010/3xxx/CVE-2010-3775.json
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=589041", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=589041" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=610525", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=610525" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=611897", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=611897" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100124650", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100124650" - }, - { - "name" : "DSA-2132", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2132" - }, - { - "name" : "FEDORA-2010-18773", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" - }, - { - "name" : "FEDORA-2010-18775", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" - }, - { - "name" : "FEDORA-2010-18890", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" - }, - { - "name" : "FEDORA-2010-18920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" - }, - { - "name" : "MDVSA-2010:251", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" - }, - { - "name" : "RHSA-2010:0966", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" - }, - { - "name" : "RHSA-2010:0967", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0967.html" - }, - { - "name" : "SUSE-SA:2011:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" - }, - { - "name" : "USN-1019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1019-1" - }, - { - "name" : "45355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45355" - }, - { - "name" : "oval:org.mitre.oval:def:11666", - "refsource" : 
"OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11666" - }, - { - "name" : "1024848", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024848" - }, - { - "name" : "42716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42716" - }, - { - "name" : "42818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42818" - }, - { - "name" : "ADV-2011-0030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=589041", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=589041" + }, + { + "name": "SUSE-SA:2011:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" + }, + { + "name": "FEDORA-2010-18775", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" + }, + { + "name": "MDVSA-2010:251", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100124650", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100124650" + }, + { + "name": "RHSA-2010:0966", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html" + }, + { + "name": "USN-1019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1019-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=610525", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=610525" + }, + { + "name": "42818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42818" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=611897", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=611897" + }, + { + "name": "DSA-2132", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2132" + }, + { + "name": "1024848", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024848" + }, + { + "name": "FEDORA-2010-18920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" + }, + { 
+ "name": "ADV-2011-0030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0030" + }, + { + "name": "RHSA-2010:0967", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0967.html" + }, + { + "name": "FEDORA-2010-18890", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" + }, + { + "name": "oval:org.mitre.oval:def:11666", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11666" + }, + { + "name": "42716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42716" + }, + { + "name": "FEDORA-2010-18773", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" + }, + { + "name": "45355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45355" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-79.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3784.json b/2010/3xxx/CVE-2010-3784.json index eed77189494..00c4e527633 100644 --- a/2010/3xxx/CVE-2010-3784.json +++ b/2010/3xxx/CVE-2010-3784.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-3784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 
and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3979.json b/2010/3xxx/CVE-2010-3979.json index 65e1b14404c..0ded0e46dd3 100644 --- a/2010/3xxx/CVE-2010-3979.json +++ b/2010/3xxx/CVE-2010-3979.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf", - "refsource" : "MISC", - "url" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session 
URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf", + "refsource": "MISC", + "url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4213.json b/2010/4xxx/CVE-2010-4213.json index 0e550800b13..7d02bb0139d 100644 --- a/2010/4xxx/CVE-2010-4213.json +++ b/2010/4xxx/CVE-2010-4213.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://news.cnet.com/8301-27080_3-20021874-245.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-27080_3-20021874-245.html" - }, - { - "name" : "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html", - "refsource" : "MISC", - "url" : "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html" - }, - { - "name" : "http://viaforensics.com/appwatchdog/bank-of-america-android.html", - "refsource" : "MISC", - "url" : "http://viaforensics.com/appwatchdog/bank-of-america-android.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://viaforensics.com/appwatchdog/bank-of-america-android.html", + "refsource": "MISC", + "url": "http://viaforensics.com/appwatchdog/bank-of-america-android.html" + }, + { + "name": "http://news.cnet.com/8301-27080_3-20021874-245.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-27080_3-20021874-245.html" + }, + { + "name": "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html", + "refsource": "MISC", + "url": "http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4332.json b/2010/4xxx/CVE-2010-4332.json index d25c41d3f5d..675aa80f36b 100644 --- a/2010/4xxx/CVE-2010-4332.json +++ b/2010/4xxx/CVE-2010-4332.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101215 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515314/100/0/threaded" - }, - { - "name" : "15740", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15740" - }, - { - "name" : "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/", - "refsource" : "MISC", - "url" : "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/" - }, - { - "name" : "42662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42662" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15740", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15740" + }, + { + "name": "42662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42662" + }, + { + "name": "20101215 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515314/100/0/threaded" + }, + { + "name": "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/", + "refsource": "MISC", + "url": "http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4521.json b/2010/4xxx/CVE-2010-4521.json index 0d3fca2fbb5..e4ba8833c58 100644 --- a/2010/4xxx/CVE-2010-4521.json +++ b/2010/4xxx/CVE-2010-4521.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/12/16/7" - }, - { - "name" : "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/12/22/1" - }, - { - "name" : "http://drupal.org/node/999380", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/999380" - }, - { - "name" : "FEDORA-2010-18927", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052802.html" - }, - { - "name" : "FEDORA-2010-19009", - "refsource" : 
"FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052814.html" - }, - { - "name" : "ADV-2011-0011", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0011", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0011" + }, + { + "name": "FEDORA-2010-18927", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052802.html" + }, + { + "name": "[oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/12/16/7" + }, + { + "name": "http://drupal.org/node/999380", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/999380" + }, + { + "name": "[oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/12/22/1" + }, + { + "name": "FEDORA-2010-19009", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052814.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4564.json b/2010/4xxx/CVE-2010-4564.json index cc08bdff76b..485fdcd4784 100644 --- a/2010/4xxx/CVE-2010-4564.json +++ b/2010/4xxx/CVE-2010-4564.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-4564",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-4564",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4743.json b/2010/4xxx/CVE-2010-4743.json
index 8a1fb578962..640ef5cb9b0 100644
--- a/2010/4xxx/CVE-2010-4743.json
+++ b/2010/4xxx/CVE-2010-4743.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014" - }, - { - "name" : "http://moinejf.free.fr/abcm2ps-5.txt", - "refsource" : "CONFIRM", - "url" : "http://moinejf.free.fr/abcm2ps-5.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=600729", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=600729" - }, - { - "name" : "FEDORA-2011-1092", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html" - }, - { - "name" : 
"FEDORA-2011-1851", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html" - }, - { - "name" : "40033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40033" - }, - { - "name" : "43338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43338" - }, - { - "name" : "ADV-2011-0390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40033" + }, + { + "name": "FEDORA-2011-1851", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html" + }, + { + "name": "ADV-2011-0390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0390" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=600729", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600729" + }, + { + "name": "43338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43338" + }, + { + "name": "FEDORA-2011-1092", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html" + }, + { + "name": "http://moinejf.free.fr/abcm2ps-5.txt", + "refsource": "CONFIRM", + "url": "http://moinejf.free.fr/abcm2ps-5.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0170.json b/2014/0xxx/CVE-2014-0170.json index 4cf0070b1a6..2d3926e764c 100644 --- a/2014/0xxx/CVE-2014-0170.json +++ b/2014/0xxx/CVE-2014-0170.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.jboss.org/browse/TEIID-2911", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/TEIID-2911" - }, - { - "name" : "RHSA-2014:1284", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1284.html" - }, - { - "name" : "1030886", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030886" - }, - { - "name" : "61530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61530" - }, - { - "name" : "jboss-data-cve20140170-info-disc(96192)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jboss-data-cve20140170-info-disc(96192)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96192" + }, + { + "name": "61530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61530" + }, + { + "name": "1030886", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030886" + }, + { + "name": "https://issues.jboss.org/browse/TEIID-2911", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/TEIID-2911" + }, + { + "name": "RHSA-2014:1284", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1284.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4055.json b/2014/4xxx/CVE-2014-4055.json index 97a92c9a26e..47126a07178 100644 --- a/2014/4xxx/CVE-2014-4055.json +++ b/2014/4xxx/CVE-2014-4055.json 
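Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in `CVE_data_meta`, and it is the only value in this hunk that changes. Every other line differs only in the spacing around the colon, or belongs to `reference_data` entries that were reordered with identical contents. The CVE-2014-4055, CVE-2014-4057, CVE-2014-4790 and CVE-2014-8110 hunks bury an assigner change the same way. Emitting `reference_data` in a stable order (for example, the previous order) would let a reviewer, or a feed consumer that diffs records, see the attribution change instead of 82 rewritten lines. The new file also ends without the trailing newline that the old one had.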
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69128" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20144055-code-exec(94987)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ms-ie-cve20144055-code-exec(94987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94987" + }, + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "69128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69128" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4057.json b/2014/4xxx/CVE-2014-4057.json index 8bb11916258..ad2eb83b646 100644 --- a/2014/4xxx/CVE-2014-4057.json +++ b/2014/4xxx/CVE-2014-4057.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4057",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-2823."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2014-4057",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS14-051",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
- },
- {
- "name" : "69130",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/69130"
- },
- {
- "name" : "1030715",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030715"
- },
- {
- "name" : "60670",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60670"
- },
- {
- "name" : "ms-ie-cve20144057-code-exec(94989)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94989"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-2823."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1030715",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030715"
+ },
+ {
+ "name": "MS14-051",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
+ },
+ {
+ "name": "69130",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/69130"
+ },
+ {
+ "name": "60670",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60670"
+ },
+ {
+ "name": "ms-ie-cve20144057-code-exec(94989)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94989"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4790.json b/2014/4xxx/CVE-2014-4790.json
index b8fc658e180..b52f847cb3b 100644
--- a/2014/4xxx/CVE-2014-4790.json
+++ b/2014/4xxx/CVE-2014-4790.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4790",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2014-4790",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
- },
- {
- "name" : "60480",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60480"
- },
- {
- "name" : "60481",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60481"
- },
- {
- "name" : "ibm-emportis-cve20144790-phishing(93195)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "60480",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60480"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
+ },
+ {
+ "name": "ibm-emportis-cve20144790-phishing(93195)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
+ },
+ {
+ "name": "60481",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60481"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8050.json b/2014/8xxx/CVE-2014-8050.json
index 48c647aaf5b..b57a58b20d4 100644
--- a/2014/8xxx/CVE-2014-8050.json
+++ b/2014/8xxx/CVE-2014-8050.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8050",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8050",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8110.json b/2014/8xxx/CVE-2014-8110.json
index 6d8b8c4e499..55815b8b71e 100644
--- a/2014/8xxx/CVE-2014-8110.json
+++ b/2014/8xxx/CVE-2014-8110.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/427" - }, - { - "name" : "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt", - "refsource" : "CONFIRM", - "url" : "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt" - }, - { - "name" : "72511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72511" - }, - { - "name" : "62649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62649" - }, - { - "name" : "apache-activemq-cve20148110-xss(100724)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/427" + }, + { + "name": "72511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72511" + }, + { + "name": "62649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62649" + }, + { + "name": "apache-activemq-cve20148110-xss(100724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100724" + }, + { + "name": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt", + "refsource": "CONFIRM", + "url": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8507.json b/2014/8xxx/CVE-2014-8507.json index b2b262bf8e2..cef3c951950 100644 --- a/2014/8xxx/CVE-2014-8507.json +++ b/2014/8xxx/CVE-2014-8507.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141126 CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/86" - }, - { - "name" : "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html" - }, - { - "name" : "http://xteam.baidu.com/?p=167", - "refsource" : "MISC", - "url" : "http://xteam.baidu.com/?p=167" - }, 
- { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6" - }, - { - "name" : "71310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141126 CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/86" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6" + }, + { + "name": "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html" + }, + { + "name": "http://xteam.baidu.com/?p=167", + "refsource": "MISC", + "url": "http://xteam.baidu.com/?p=167" + }, + { + "name": "71310", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/71310" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8957.json b/2014/8xxx/CVE-2014-8957.json index 46143c4e620..d4202ac3a90 100644 --- a/2014/8xxx/CVE-2014-8957.json +++ b/2014/8xxx/CVE-2014-8957.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be" - }, - { - "name" : "73012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to 
inject arbitrary web script or HTML via the Tasks parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73012" + }, + { + "name": "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be" + }, + { + "name": "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9127.json b/2014/9xxx/CVE-2014-9127.json index a8488a507dd..254c5c06068 100644 --- a/2014/9xxx/CVE-2014-9127.json +++ b/2014/9xxx/CVE-2014-9127.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9127",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-9127",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9287.json b/2014/9xxx/CVE-2014-9287.json
index d45e14df358..736512812ba 100644
--- a/2014/9xxx/CVE-2014-9287.json
+++ b/2014/9xxx/CVE-2014-9287.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-9287",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-9287",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9342.json b/2014/9xxx/CVE-2014-9342.json
index e848bc34cfa..80f51e66fd1 100644
--- a/2014/9xxx/CVE-2014-9342.json
+++ b/2014/9xxx/CVE-2014-9342.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141202 F5 BIGIP - (OLD!) Persistent XSS in ASM Module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534137/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141202 F5 BIGIP - (OLD!) Persistent XSS in ASM Module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534137/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9610.json b/2014/9xxx/CVE-2014-9610.json index 2f9d7db6ba4..c66dde04cde 100644 --- a/2014/9xxx/CVE-2014-9610.json +++ b/2014/9xxx/CVE-2014-9610.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37929", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37929/" - }, - { - "name" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via 
the ip parameter to webadmin/user/quarantine_disable.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html" + }, + { + "name": "37929", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37929/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2161.json b/2016/2xxx/CVE-2016-2161.json index c31971fabf6..2e7470452ee 100644 --- a/2016/2xxx/CVE-2016-2161.json +++ b/2016/2xxx/CVE-2016-2161.json 
@@ -1,128 +1,128 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2016-12-20T00:00:00", - "ID" : "CVE-2016-2161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.0 to 2.4.23" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Out-of-range Pointer Offset (CWE-823)" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2016-12-20T00:00:00", + "ID": "CVE-2016-2161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.4.0 to 2.4.23" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" - }, - { - "name" : 
"https://www.tenable.com/security/tns-2017-04", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-04" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180423-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180423-0001/" - }, - { - "name" : "DSA-3796", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3796" - }, - { - "name" : "GLSA-201701-36", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-36" - }, - { - "name" : "RHSA-2017:0906", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0906" - }, - { - "name" : "RHSA-2017:1161", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1161" - }, - { - "name" : "RHSA-2017:1413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1413" - }, - { - "name" : "RHSA-2017:1414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1414" - }, - { - "name" : "RHSA-2017:1415", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html" - }, - { - "name" : "95076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95076" - }, - { - "name" : "1037508", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Out-of-range Pointer Offset (CWE-823)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "95076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95076" + }, + { + "name": "DSA-3796", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3796" + }, + { + "name": "1037508", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037508" + }, + { + "name": "RHSA-2017:1413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1413" + }, + { + "name": "RHSA-2017:1161", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1161" + }, + { + "name": "https://www.tenable.com/security/tns-2017-04", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-04" + }, + { + "name": "RHSA-2017:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1414" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161" + }, + { + "name": "RHSA-2017:1415", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html" + }, + { + "name": "RHSA-2017:0906", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0906" + }, + { + "name": "GLSA-201701-36", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-36" + 
}, + { + "name": "https://security.netapp.com/advisory/ntap-20180423-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180423-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2433.json b/2016/2xxx/CVE-2016-2433.json index 8506245e2db..817d3f577bc 100644 --- a/2016/2xxx/CVE-2016-2433.json +++ b/2016/2xxx/CVE-2016-2433.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-2433",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "ID": "CVE-2016-2433",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167",
- "refsource" : "CONFIRM",
- "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167"
- },
- {
- "name" : "98034",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98034"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "98034",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98034"
+ },
+ {
+ "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167",
+ "refsource": "CONFIRM",
+ "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038167"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3465.json b/2016/3xxx/CVE-2016-3465.json
index f7f96c74002..fa03772b3c2 100644
--- a/2016/3xxx/CVE-2016-3465.json
+++ b/2016/3xxx/CVE-2016-3465.json
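Review bot: The `"ASSIGNER"` change from `cve@mitre.org` to `security@android.com` near the top of this hunk is the only field value that differs between the old and new sides, yet it sits inside a rewrite of every line that otherwise only drops the space before each colon and swaps the two `reference_data` entries. The hunks for CVE-2016-3465 (`secalert_us@oracle.com`) and CVE-2016-3763 (`security@android.com`) carry the same kind of reassignment. Consumers that use this field to attribute a record to its CNA would want it reviewable on its own, so I would split the formatting pass from the content change and leave a one-line diff, `"ASSIGNER": "security@android.com",`, under a subject that names the reassignment. `vendor_name` and `product_name` remain `"n/a"` on the new side although the description names the affected driver and devices, so matching on the structured fields will presumably still miss this record.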
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-3465",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2016-3465",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
- },
- {
- "name" : "1035629",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1035629"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1035629",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1035629"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3763.json b/2016/3xxx/CVE-2016-3763.json
index e928edf11dc..1bf49ce7d0a 100644
--- a/2016/3xxx/CVE-2016-3763.json
+++ b/2016/3xxx/CVE-2016-3763.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-3763",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "ID": "CVE-2016-3763",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://source.android.com/security/bulletin/2016-07-01.html",
- "refsource" : "CONFIRM",
- "url" : "http://source.android.com/security/bulletin/2016-07-01.html"
- },
- {
- "name" : "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c",
- "refsource" : "CONFIRM",
- "url" : "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://source.android.com/security/bulletin/2016-07-01.html",
+ "refsource": "CONFIRM",
+ "url": "http://source.android.com/security/bulletin/2016-07-01.html"
+ },
+ {
+ "name": "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c",
+ "refsource": "CONFIRM",
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3817.json b/2016/3xxx/CVE-2016-3817.json
index d61f760bb46..330493626e4 100644
--- a/2016/3xxx/CVE-2016-3817.json
+++ b/2016/3xxx/CVE-2016-3817.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-3817",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-3817",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3943.json b/2016/3xxx/CVE-2016-3943.json
index ff6bad786fc..c832bd59823 100644
--- a/2016/3xxx/CVE-2016-3943.json
+++ b/2016/3xxx/CVE-2016-3943.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39671", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39671/" - }, - { - "name" : "20160406 Panda Security Multiple Business Products - Privilege Escalation", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Apr/24" - }, - { - "name" : "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39671", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39671/" + }, + { + "name": "20160406 Panda Security Multiple Business Products - Privilege Escalation", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Apr/24" + }, + { + "name": "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3983.json b/2016/3xxx/CVE-2016-3983.json index f9ea5228de0..c186ee386ca 100644 --- a/2016/3xxx/CVE-2016-3983.json +++ b/2016/3xxx/CVE-2016-3983.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10149", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10149", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10149" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3984.json b/2016/3xxx/CVE-2016-3984.json index 71f03ae5152..f9b1bed34f6 100644 --- a/2016/3xxx/CVE-2016-3984.json +++ b/2016/3xxx/CVE-2016-3984.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39531", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39531/" - }, - { - "name" : "20160304 McAfee VirusScan Enterprise security restrictions bypass", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Mar/13" - }, - { - "name" : "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt", - "refsource" : "MISC", - "url" : "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10151", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10151" - }, - { - "name" : "1035130", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators 
to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160304 McAfee VirusScan Enterprise security restrictions bypass", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Mar/13" + }, + { + "name": "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt", + "refsource": "MISC", + "url": "http://lab.mediaservice.net/advisory/2016-01-mcafee.txt" + }, + { + "name": "39531", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39531/" + }, + { + "name": "1035130", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035130" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10151", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10151" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6123.json b/2016/6xxx/CVE-2016-6123.json index d22f2eca90a..5a4e19ee1dd 100644 --- a/2016/6xxx/CVE-2016-6123.json +++ b/2016/6xxx/CVE-2016-6123.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LMS on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "13.0" - }, - { - "version_value" : "13.1" - }, - { - "version_value" : "13.2" - }, - { - "version_value" : "13.2.2" - }, - { - "version_value" : "13.2.3" - }, - { - "version_value" : "13.2.4" - }, - { - "version_value" : "14.0.0" - }, - { - "version_value" : "14.1.0" - }, - { - "version_value" : "14.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LMS on Cloud", + "version": { + "version_data": [ + { + "version_value": "13.0" + }, + { + "version_value": "13.1" + }, + { + "version_value": "13.2" + }, + { + "version_value": "13.2.2" + }, + { + "version_value": "13.2.3" + }, + { + "version_value": "13.2.4" + }, + { + "version_value": "14.0.0" + }, + { + "version_value": "14.1.0" + }, + { + "version_value": "14.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982" - }, - { - "name" : "94305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94305" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993982", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993982" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6282.json b/2016/6xxx/CVE-2016-6282.json index d9c26e724de..842fc3a63d3 100644 --- a/2016/6xxx/CVE-2016-6282.json +++ b/2016/6xxx/CVE-2016-6282.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6282", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6282", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6357.json b/2016/6xxx/CVE-2016-6357.json index 7eb1e7618e6..c9074acaee5 100644 --- a/2016/6xxx/CVE-2016-6357.json +++ b/2016/6xxx/CVE-2016-6357.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco AsyncOS through 9.9.6-026", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco AsyncOS through 9.9.6-026" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco AsyncOS through 9.9.6-026", + "version": { + "version_data": [ + { + "version_value": "Cisco AsyncOS through 9.9.6-026" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5" - }, - { - "name" : "93909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93909" - }, - { - "name" : "1037114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037114" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5" + }, + { + "name": "93909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93909" + }, + { + "name": "1037114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037114" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6535.json b/2016/6xxx/CVE-2016-6535.json index 8bf85c37f13..61096345bbe 100644 --- a/2016/6xxx/CVE-2016-6535.json +++ b/2016/6xxx/CVE-2016-6535.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#667480", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/667480" - }, - { - "name" : "92936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#667480", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/667480" + }, + { + "name": "92936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92936" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6786.json b/2016/6xxx/CVE-2016-6786.json index edc73d53a88..27c4116007f 100644 --- a/2016/6xxx/CVE-2016-6786.json +++ b/2016/6xxx/CVE-2016-6786.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1403842", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1403842" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b" - }, - { - "name" : "DSA-3791", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3791" - }, - { - "name" : "94679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b" + }, + { + "name": "https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842" + }, + { + "name": "94679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94679" + }, + { + "name": "DSA-3791", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3791" + }, + { + "name": "http://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + 
"url": "http://source.android.com/security/bulletin/2016-12-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7108.json b/2016/7xxx/CVE-2016-7108.json index 3de8c30b17b..2f75e483031 100644 --- a/2016/7xxx/CVE-2016-7108.json +++ b/2016/7xxx/CVE-2016-7108.json 
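Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `security@android.com` in this hunk, and it is the only value change among lines that otherwise differ only in separator spacing and reference order; the CVE-2016-7395 hunk does the same with `security@google.com`. A provenance change like this is easy to miss inside a bulk reformat, so it would be better carried in its own commit or named in the commit subject. The `affects` block still reads `"product_name": "n/a"` and `"version_value": "n/a"` although the description names the Linux kernel before 4.0, so tooling that matches on `affects` will not tie this record to a product and has to fall back to the description text. The entries of `reference_data` are also reordered here, so consumers should not treat that array as ordered.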
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en" - }, - { - "name" : "92619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en" + }, + { + "name": "92619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92619" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7395.json b/2016/7xxx/CVE-2016-7395.json index 6efd28486d0..329f9991cea 100644 --- a/2016/7xxx/CVE-2016-7395.json +++ b/2016/7xxx/CVE-2016-7395.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-7395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codereview.chromium.org/2006143009", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2006143009" - }, - { - "name" : "https://crbug.com/613918", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/613918" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" - }, - { - "name" : "DSA-3667", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2016/dsa-3667" - }, - { - "name" : "92717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/613918", + "refsource": "CONFIRM", + "url": "https://crbug.com/613918" + }, + { + "name": "DSA-3667", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3667" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" + }, + { + "name": "92717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92717" + }, + { + "name": "https://codereview.chromium.org/2006143009", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2006143009" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7476.json b/2016/7xxx/CVE-2016-7476.json index 0a8f302dd98..14825107d9f 100644 --- a/2016/7xxx/CVE-2016-7476.json +++ b/2016/7xxx/CVE-2016-7476.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-7476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, 11.3.0 before 11.4.1 HF10" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Traffic Management Microkernel (TMM) memory leak" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-7476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, WebSafe", + "version": { + "version_data": [ + { + "version_value": "11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, 11.3.0 before 11.4.1 HF10" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/#/article/K87416818", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/#/article/K87416818" - }, - { - "name" : "94353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94353" - }, - { - "name" : "1037274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Traffic Management Microkernel (TMM) memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037274" + }, + { + "name": "https://support.f5.com/csp/#/article/K87416818", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/#/article/K87416818" + }, + { + "name": "94353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94353" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7588.json b/2016/7xxx/CVE-2016-7588.json index c103b070154..0e27ed0c44e 100644 --- a/2016/7xxx/CVE-2016-7588.json +++ b/2016/7xxx/CVE-2016-7588.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreMedia Playback\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "94905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94905" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreMedia Playback\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "94905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94905" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7617.json b/2016/7xxx/CVE-2016-7617.json index a3d99ddc7b2..62c2fb761f7 100644 --- a/2016/7xxx/CVE-2016-7617.json +++ b/2016/7xxx/CVE-2016-7617.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40952", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40952/" - }, - { - "name" : "https://support.apple.com/HT207423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207423" - }, - { - "name" : "94903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94903" - }, - { - "name" : "1037469", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was 
discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94903" + }, + { + "name": "40952", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40952/" + }, + { + "name": "1037469", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037469" + }, + { + "name": "https://support.apple.com/HT207423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207423" + } + ] + } +} \ No newline at end of file