diff --git a/2006/0xxx/CVE-2006-0325.json b/2006/0xxx/CVE-2006-0325.json index ad373b0a947..c41eafde187 100644 --- a/2006/0xxx/CVE-2006-0325.json +++ b/2006/0xxx/CVE-2006-0325.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the \"cij\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060130 Etomite followup information", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423523/100/0/threaded" - }, - { - "name" : "20060127 Etomite CMS \"Backdoored\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423497/100/0/threaded" - }, - { - "name" : "http://www.lucaercoli.it/advs/etomite.txt", - "refsource" : "MISC", - "url" : "http://www.lucaercoli.it/advs/etomite.txt" - }, - { - "name" : "http://www.etomite.org/forums/index.php?showtopic=4291", - "refsource" : "CONFIRM", - "url" : "http://www.etomite.org/forums/index.php?showtopic=4291" - }, - { - "name" : 
"http://www.etomite.org/forums/index.php?showtopic=4185", - "refsource" : "CONFIRM", - "url" : "http://www.etomite.org/forums/index.php?showtopic=4185" - }, - { - "name" : "16336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16336" - }, - { - "name" : "ADV-2006-0283", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0283" - }, - { - "name" : "22693", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22693" - }, - { - "name" : "18556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18556" - }, - { - "name" : "etomite-default-backdoor(24254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the \"cij\" parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16336" + }, + { + "name": "18556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18556" + }, + { + "name": "ADV-2006-0283", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0283" + }, + { + "name": "http://www.etomite.org/forums/index.php?showtopic=4185", + "refsource": "CONFIRM", + "url": "http://www.etomite.org/forums/index.php?showtopic=4185" + }, + { + "name": "22693", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22693" + }, + { + "name": "20060127 Etomite CMS \"Backdoored\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423497/100/0/threaded" + }, + { + "name": "etomite-default-backdoor(24254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24254" + }, + { + "name": "http://www.etomite.org/forums/index.php?showtopic=4291", + "refsource": "CONFIRM", + "url": "http://www.etomite.org/forums/index.php?showtopic=4291" + }, + { + "name": "http://www.lucaercoli.it/advs/etomite.txt", + "refsource": "MISC", + "url": "http://www.lucaercoli.it/advs/etomite.txt" + }, + { + "name": "20060130 Etomite followup information", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423523/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1121.json b/2006/1xxx/CVE-2006-1121.json index f68e2368edf..bfc49a97eb5 100644 --- a/2006/1xxx/CVE-2006-1121.json +++ b/2006/1xxx/CVE-2006-1121.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060304 [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426759/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-277.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-277.html" - }, - { - "name" : "16961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16961" - }, - { - "name" : "1015726", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015726" - }, - { - "name" : "531", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/531" - }, - { - "name" : "cutenews-index-script-xss(25052)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cutenews-index-script-xss(25052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25052" + }, + { + "name": "20060304 [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426759/100/0/threaded" + }, + { + "name": "16961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16961" + }, + { + "name": "1015726", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015726" + }, + { + "name": "http://kapda.ir/advisory-277.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-277.html" + }, + { + "name": "531", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/531" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1185.json b/2006/1xxx/CVE-2006-1185.json index 1bf1664a1e9..7978c8e0908 100644 --- a/2006/1xxx/CVE-2006-1185.json +++ b/2006/1xxx/CVE-2006-1185.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-1185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" - }, - { - "name" : "TA06-101A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" - }, - { - "name" : "VU#503124", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/503124" - }, - { - "name" : "17450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17450" - }, - { - "name" : "ADV-2006-1318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1318" - }, - { - "name" : "oval:org.mitre.oval:def:1677", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677" - }, - { - "name" : "oval:org.mitre.oval:def:1711", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711" - }, - { - "name" : "oval:org.mitre.oval:def:787", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787" - }, - { - "name" : "1015900", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015900" - }, - { - "name" : "18957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18957" - }, - { - "name" : "ie-html-execute-code(25542)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18957" + }, + { + "name": "1015900", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015900" + }, + { + "name": "oval:org.mitre.oval:def:1677", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677" + }, + { + "name": "oval:org.mitre.oval:def:787", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787" + }, + { + "name": "TA06-101A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" + }, + { + "name": "oval:org.mitre.oval:def:1711", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711" + }, + { + "name": "17450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17450" + }, + { + "name": "ie-html-execute-code(25542)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542" + }, + { + "name": "VU#503124", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/503124" + }, + { + "name": "MS06-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" + }, + { + "name": "ADV-2006-1318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1318" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1196.json b/2006/1xxx/CVE-2006-1196.json index 624ded2f857..8715d6e9ebe 100644 --- a/2006/1xxx/CVE-2006-1196.json +++ b/2006/1xxx/CVE-2006-1196.json 
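Review bot: The `ASSIGNER` value for CVE-2006-1185 changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and it is the only value change among the visible hunks, which otherwise only drop the space before each colon, re-indent, and reorder `reference_data`. A change to which CNA a record is attributed to is easy to miss under that much formatting churn, so I would land `"ASSIGNER": "secure@microsoft.com"` in its own commit or at least name it in the commit message. The reordered `reference_data` entries follow no sort order I can see (SECUNIA, SECTRACK, OVAL, OVAL, CERT, OVAL, ...), which presumably comes from the generator; a stable order would let later reference additions or removals show up as small diffs. The new side also ends without a newline at end of file, here and in the other files of this diff.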
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kiki91.altervista.org/exploit/qwikiwiki_1.0.5_xss.txt", - "refsource" : "MISC", - "url" : "http://kiki91.altervista.org/exploit/qwikiwiki_1.0.5_xss.txt" - }, - { - "name" : "17064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17064" - }, - { - "name" : "ADV-2006-0910", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0910" - }, - { - "name" : "23786", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23786" - }, - { - "name" : "23787", - "refsource" : "OSVDB", - "url" 
: "http://www.osvdb.org/23787" - }, - { - "name" : "23788", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23788" - }, - { - "name" : "23789", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23789" - }, - { - "name" : "19182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19182" - }, - { - "name" : "qwikiwiki-multiple-scripts-xss(25128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23788", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23788" + }, + { + "name": "19182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19182" + }, + { + "name": "17064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17064" + }, + { + "name": "23789", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23789" + }, + { + "name": "qwikiwiki-multiple-scripts-xss(25128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25128" + }, + { + "name": "http://kiki91.altervista.org/exploit/qwikiwiki_1.0.5_xss.txt", + "refsource": "MISC", + "url": "http://kiki91.altervista.org/exploit/qwikiwiki_1.0.5_xss.txt" + }, + { + "name": "23786", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23786" + }, + { + "name": "ADV-2006-0910", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0910" + }, + { + "name": "23787", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23787" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5101.json b/2006/5xxx/CVE-2006-5101.json index 6b712462b6d..45796eea6de 100644 --- a/2006/5xxx/CVE-2006-5101.json +++ b/2006/5xxx/CVE-2006-5101.json 
@@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060927 Comdev CSV Importer 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447184/100/0/threaded" - }, - { - "name" : "20060927 Comdev Contact Form 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447192/100/0/threaded" - }, - { - "name" : "20060927 Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447188/100/0/threaded" - }, - { - "name" : "20060927 Comdev Events Calendar 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447213/100/0/threaded" - }, - { - "name" : "20060927 Comdev FAQ Support 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447201/100/0/threaded" - }, - { - "name" : "20060927 Comdev Guestbook 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447207/100/0/threaded" - }, - { - "name" : "20060927 Comdev Links Directory 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447185/100/0/threaded" - }, - { - "name" : "20060927 Comdev News Publisher 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447190/100/0/threaded" - }, - 
{ - "name" : "20060927 Comdev Newsletter 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447209/100/0/threaded" - }, - { - "name" : "20060927 Comdev Photo Gallery 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447187/100/0/threaded" - }, - { - "name" : "20060927 Comdev Vote Caster 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447186/100/0/threaded" - }, - { - "name" : "20060927 Comdev Web Blogger 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447193/100/0/threaded" - }, - { - "name" : "20060927 Comdev eCommerce 3.1 :) <= Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447194/100/0/threaded" - }, - { - "name" : "ADV-2006-3808", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3808" - }, - { - "name" : "ADV-2006-3803", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3803" - }, - { - "name" : "ADV-2006-3804", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3804" - }, - { - "name" : "ADV-2006-3805", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3805" - }, - { - "name" : "ADV-2006-3806", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3806" - }, - { - "name" : "ADV-2006-3807", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3807" - }, - { - "name" : "ADV-2006-3809", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3809" - }, - { - "name" : "ADV-2006-3810", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3810" - }, - { - "name" : "ADV-2006-3811", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3811" - }, - { - "name" : "ADV-2006-3812", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3812" - }, - { - "name" : "ADV-2006-3813", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3813" - }, - { - "name" : "ADV-2006-3814", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3814" - }, - { - "name" : "ADV-2006-3815", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3815" - }, - { - "name" : "29299", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29299" - }, - { - "name" : "29300", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29300" - }, - { - "name" : "29301", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29301" - }, - { - "name" : "29302", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29302" - }, - { - "name" : "29303", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29303" - }, - { - "name" : "29305", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29305" - }, - { - "name" : "29307", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29307" - }, - { - "name" : "29310", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29310" - }, - { - "name" : "29311", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29311" - }, - { - "name" : "29306", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29306" - }, - { - "name" : "29304", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29304" - }, - { - "name" : "29308", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29308" - }, - { - "name" : "29309", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29309" - }, - { - "name" : "22135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22135" - }, - { - "name" : "22133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22133" - }, - { - "name" : "22134", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22134" - }, - { - "name" : "22147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22147" - }, - { - "name" : "22149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22149" - }, - { - "name" : "22151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22151" - }, - { - "name" : "22153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22153" - }, - { - "name" : "22154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22154" - }, - { - "name" : "22157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22157" - }, - { - "name" : "22168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22168" - }, - { - "name" : "22169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22169" - }, - { - "name" : "22170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22170" - }, - { - "name" : "1658", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1658" - }, - { - "name" : "comdev-include-file-include(29220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] 
parameter. NOTE: it has been reported that 4.1 versions might also be affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3807", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3807" + }, + { + "name": "ADV-2006-3811", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3811" + }, + { + "name": "29300", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29300" + }, + { + "name": "29310", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29310" + }, + { + "name": "20060927 Comdev News Publisher 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447190/100/0/threaded" + }, + { + "name": "22147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22147" + }, + { + "name": "22157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22157" + }, + { + "name": "20060927 Comdev Contact Form 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447192/100/0/threaded" + }, + { + "name": "20060927 Comdev eCommerce 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447194/100/0/threaded" + }, + { + "name": "29303", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29303" + }, + { + "name": "ADV-2006-3806", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3806" + }, + { + "name": "22153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22153" + }, + { + "name": "22169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22169" + }, + { + "name": "ADV-2006-3809", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3809" + }, + { + "name": "ADV-2006-3813", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3813" + }, + { + "name": "1658", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1658" + }, + { + "name": "29305", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29305" + }, + { + "name": "20060927 Comdev Newsletter 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447209/100/0/threaded" + }, + { + "name": "29311", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29311" + }, + { + "name": "22170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22170" + }, + { + "name": "20060927 Comdev Photo Gallery 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447187/100/0/threaded" + }, + { + "name": "29307", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29307" + }, + { + "name": "20060927 Comdev Events Calendar 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447213/100/0/threaded" + }, + { + "name": "22168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22168" + }, + { + "name": "20060927 Comdev Guestbook 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447207/100/0/threaded" + }, + { + "name": "29304", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29304" + }, + { + "name": "22149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22149" + }, + { + "name": "ADV-2006-3808", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3808" + }, + { + "name": "20060927 Comdev Vote Caster 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447186/100/0/threaded" + }, + { + "name": "ADV-2006-3804", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3804" 
+ }, + { + "name": "22135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22135" + }, + { + "name": "29306", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29306" + }, + { + "name": "22154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22154" + }, + { + "name": "22134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22134" + }, + { + "name": "ADV-2006-3812", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3812" + }, + { + "name": "20060927 Comdev FAQ Support 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447201/100/0/threaded" + }, + { + "name": "ADV-2006-3810", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3810" + }, + { + "name": "29308", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29308" + }, + { + "name": "22133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22133" + }, + { + "name": "29302", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29302" + }, + { + "name": "20060927 Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447188/100/0/threaded" + }, + { + "name": "ADV-2006-3805", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3805" + }, + { + "name": "comdev-include-file-include(29220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29220" + }, + { + "name": "29301", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29301" + }, + { + "name": "ADV-2006-3803", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3803" + }, + { + "name": "29299", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29299" + }, + { + "name": "20060927 Comdev Links Directory 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/447185/100/0/threaded" + }, + { + "name": "20060927 Comdev Web Blogger 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447193/100/0/threaded" + }, + { + "name": "22151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22151" + }, + { + "name": "ADV-2006-3814", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3814" + }, + { + "name": "20060927 Comdev CSV Importer 3.1 :) <= Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447184/100/0/threaded" + }, + { + "name": "29309", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29309" + }, + { + "name": "ADV-2006-3815", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3815" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5343.json b/2006/5xxx/CVE-2006-5343.json index 39869664e45..99ed6fa24a2 100644 --- a/2006/5xxx/CVE-2006-5343.json +++ b/2006/5xxx/CVE-2006-5343.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbms_scheduler, aka Vuln# DB19." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 Analysis of the Oracle October 2006 Critical Patch Update", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449110/100/0/threaded" - }, - { - "name" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbms_scheduler, aka Vuln# DB19." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf", + "refsource": "MISC", + "url": "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf" + }, + { + "name": "20061018 Analysis of the Oracle October 2006 Critical Patch Update", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449110/100/0/threaded" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5350.json b/2006/5xxx/CVE-2006-5350.json index 297719a9165..e75b28aefd8 100644 --- a/2006/5xxx/CVE-2006-5350.json +++ b/2006/5xxx/CVE-2006-5350.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, 
+ { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5367.json b/2006/5xxx/CVE-2006-5367.json index 2d99a5fd3e9..3d5d88dfdfb 100644 --- a/2006/5xxx/CVE-2006-5367.json +++ b/2006/5xxx/CVE-2006-5367.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : 
"SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded" - }, - { - "name" : "TA06-291A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" - }, - { - "name" : "20588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20588" - }, - { - "name" : "ADV-2006-4065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4065" - }, - { - "name" : "1017077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017077" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html" + }, + { + "name": "20588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20588" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded" + }, + { + "name": "ADV-2006-4065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4065" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "1017077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017077" + }, + { + "name": "TA06-291A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5435.json b/2006/5xxx/CVE-2006-5435.json index 15ca29a98cc..2f5ed9e8834 100644 --- a/2006/5xxx/CVE-2006-5435.json +++ b/2006/5xxx/CVE-2006-5435.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061018 PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449114/100/0/threaded" - }, - { - "name" : "20061018 Re: PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449232/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 
and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061018 PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded" + }, + { + "name": "20061018 Re: PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5600.json b/2006/5xxx/CVE-2006-5600.json index 7c34587c28b..6a0a9668c19 100644 --- a/2006/5xxx/CVE-2006-5600.json +++ b/2006/5xxx/CVE-2006-5600.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\\keytool.config or (2) webapps\\protiva\\WEB-INF\\classes\\authserver.config." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061026 Insecure storage of passwords in Axalto Protiva", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449891/100/0/threaded" - }, - { - "name" : "20755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20755" - }, - { - "name" : "1793", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1793" - }, - { - "name" : "axalto-password-information-disclosure(29839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\\keytool.config or (2) webapps\\protiva\\WEB-INF\\classes\\authserver.config." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "axalto-password-information-disclosure(29839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29839" + }, + { + "name": "1793", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1793" + }, + { + "name": "20755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20755" + }, + { + "name": "20061026 Insecure storage of passwords in Axalto Protiva", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449891/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2031.json b/2007/2xxx/CVE-2007-2031.json index dfdc1bb5f48..b53475b1122 100644 --- a/2007/2xxx/CVE-2007-2031.json +++ b/2007/2xxx/CVE-2007-2031.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070423 3proxy 0.5.3i bugfix release", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466650/100/100/threaded" - }, - { - "name" : "http://3proxy.ru/0.5.3h/Changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://3proxy.ru/0.5.3h/Changelog.txt" - }, - { - "name" : "GLSA-200704-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200704-17.xml" - }, - { - "name" : "23545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23545" - }, - { - "name" : "ADV-2007-1442", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1442" - }, - { - "name" : "24961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24961" - 
}, - { - "name" : "25001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25001" - }, - { - "name" : "3proxy-transparent-requests-bo(33841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200704-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200704-17.xml" + }, + { + "name": "25001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25001" + }, + { + "name": "3proxy-transparent-requests-bo(33841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33841" + }, + { + "name": "24961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24961" + }, + { + "name": "http://3proxy.ru/0.5.3h/Changelog.txt", + "refsource": "CONFIRM", + "url": "http://3proxy.ru/0.5.3h/Changelog.txt" + }, + { + "name": "ADV-2007-1442", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1442" + }, + { + "name": "23545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23545" + }, + { + "name": "20070423 3proxy 0.5.3i bugfix release", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466650/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2051.json b/2007/2xxx/CVE-2007-2051.json index 63de81814f4..a9daacaae79 100644 --- a/2007/2xxx/CVE-2007-2051.json 
+++ b/2007/2xxx/CVE-2007-2051.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077" - }, - { - "name" : "ADV-2007-1347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1347" - }, - { - "name" : "34890", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34890", + "refsource": "OSVDB", + "url": "http://osvdb.org/34890" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077" + }, + { + "name": "ADV-2007-1347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1347" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2624.json b/2007/2xxx/CVE-2007-2624.json index 532b78ba318..ff63bffd6b2 100644 --- a/2007/2xxx/CVE-2007-2624.json +++ b/2007/2xxx/CVE-2007-2624.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=504924", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=504924" - }, - { - "name" : "23790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23790" - }, - { - "name" : "ADV-2007-1637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1637" - }, - { - "name" : "35534", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35534" - }, - { - "name" : "25088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25088" - }, - { - "name" : 
"aiocp-cpconfig-xss(34038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25088" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=504924", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=504924" + }, + { + "name": "aiocp-cpconfig-xss(34038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34038" + }, + { + "name": "23790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23790" + }, + { + "name": "ADV-2007-1637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1637" + }, + { + "name": "35534", + "refsource": "OSVDB", + "url": "http://osvdb.org/35534" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2717.json b/2007/2xxx/CVE-2007-2717.json index 8e2da8d4827..8a32f4e512d 100644 --- a/2007/2xxx/CVE-2007-2717.json +++ b/2007/2xxx/CVE-2007-2717.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3907", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3907" - }, - { - "name" : "23949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23949" - }, - { - "name" : "37910", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3907", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3907" + }, + { + "name": "37910", + "refsource": "OSVDB", + "url": "http://osvdb.org/37910" + }, + { + "name": "23949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23949" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2967.json b/2007/2xxx/CVE-2007-2967.json index 966040ce7d0..9939e1fe764 100644 --- a/2007/2xxx/CVE-2007-2967.json +++ b/2007/2xxx/CVE-2007-2967.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070604 n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470462/100/0/threaded" - }, - { - "name" : "20070604 n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470484/100/0/threaded" - }, - { - "name" : "20070604 n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063714.html" - }, - { - "name" : "20070604 n.runs-SA-2007.015 - F-Secure Antivirus 
FSG packed files parsing Infinite Loop Advisory", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063715.html" - }, - { - "name" : "http://www.nruns.com/security_advisory_fsecure_arj.php", - "refsource" : "MISC", - "url" : "http://www.nruns.com/security_advisory_fsecure_arj.php" - }, - { - "name" : "http://www.nruns.com/security_advisory_fsecure_fsg.php", - "refsource" : "MISC", - "url" : "http://www.nruns.com/security_advisory_fsecure_fsg.php" - }, - { - "name" : "http://www.f-secure.com/security/fsc-2007-3.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2007-3.shtml" - }, - { - "name" : "36725", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36725" - }, - { - "name" : "36726", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36726" - }, - { - "name" : "ADV-2007-1985", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1985" - }, - { - "name" : "1018146", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018146" - }, - { - "name" : "1018147", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018147" - }, - { - "name" : "1018148", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018148" - }, - { - "name" : "25440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25440" - }, - { - "name" : "fsecure-unspecified-archive-dos(34581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36725", + "refsource": "OSVDB", + "url": "http://osvdb.org/36725" + }, + { + "name": "20070604 n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063714.html" + }, + { + "name": "http://www.nruns.com/security_advisory_fsecure_arj.php", + "refsource": "MISC", + "url": "http://www.nruns.com/security_advisory_fsecure_arj.php" + }, + { + "name": "1018148", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018148" + }, + { + "name": "1018147", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018147" + }, + { + "name": "1018146", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018146" + }, + { + "name": "20070604 n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470484/100/0/threaded" + }, + { + "name": "ADV-2007-1985", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1985" + }, + { + "name": "20070604 n.runs-SA-2007.015 - F-Secure Antivirus FSG packed files parsing Infinite Loop Advisory", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063715.html" + }, + { + "name": "http://www.nruns.com/security_advisory_fsecure_fsg.php", + "refsource": "MISC", + "url": "http://www.nruns.com/security_advisory_fsecure_fsg.php" + }, + { + "name": "36726", + "refsource": "OSVDB", + "url": "http://osvdb.org/36726" + }, + { + "name": "http://www.f-secure.com/security/fsc-2007-3.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2007-3.shtml" + }, + { + "name": "25440", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/25440" + }, + { + "name": "20070604 n.runs-SA-2007.014 - F-Secure Antivirus ARJ parsing Infinite Loop Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470462/100/0/threaded" + }, + { + "name": "fsecure-unspecified-archive-dos(34581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34581" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0031.json b/2010/0xxx/CVE-2010-0031.json index 8b1fac2df58..a5a38befafc 100644 --- a/2010/0xxx/CVE-2010-0031.json +++ b/2010/0xxx/CVE-2010-0031.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-004" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8081", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8081" - }, - { - "name" : "1023563", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8081", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8081" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "MS10-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-004" + }, + { + "name": "1023563", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023563" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0047.json b/2010/0xxx/CVE-2010-0047.json index 057904ea147..3b3a2ca4df7 100644 --- a/2010/0xxx/CVE-2010-0047.json +++ b/2010/0xxx/CVE-2010-0047.json 
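Review bot: The `ASSIGNER` value for CVE-2010-0031 changes from `cve@mitre.org` to `secure@microsoft.com`, and this provenance change sits inside a hunk that otherwise only reformats whitespace and reorders references, so it is easy to miss. Tooling that filters or attributes records by assigner will presumably treat this record differently after the change, so it deserves its own commit or at least a line in the commit message. The record still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` under `affects`, so it now names a vendor CNA as assigner without naming the vendor; it is worth confirming that this is intended. The same pattern appears in the CVE-2010-0047 (`product-security@apple.com`), CVE-2010-0072 and CVE-2010-0869 (`secalert_us@oracle.com`) and CVE-2010-0410 (`secalert@redhat.com`) hunks.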
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to \"HTML object element fallback content.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "FEDORA-2010-8360", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" - }, - { - "name" : "FEDORA-2010-8379", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" - }, - { - "name" : "FEDORA-2010-8423", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "oval:org.mitre.oval:def:6882", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6882" - }, - { - "name" : "1023708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023708" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple 
Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to \"HTML object element fallback content.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "1023708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023708" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "FEDORA-2010-8360", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:6882", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6882" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "FEDORA-2010-8379", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + }, + { + "name": "FEDORA-2010-8423", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0072.json b/2010/0xxx/CVE-2010-0072.json index 3b7b8cedd5d..a97825065ae 100644 --- a/2010/0xxx/CVE-2010-0072.json +++ b/2010/0xxx/CVE-2010-0072.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a \"reverse lookup of connections\" to TCP port 10000." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "TA10-012A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a \"reverse lookup of connections\" to TCP port 10000." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "TA10-012A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0410.json b/2010/0xxx/CVE-2010-0410.json index d7c8caac0db..6ff0ccd6e04 100644 --- a/2010/0xxx/CVE-2010-0410.json +++ b/2010/0xxx/CVE-2010-0410.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[oss-security] 20100203 CVE request: kernel OOM/crash in drivers/connector", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/03/1" - }, - { - "name" : "[oss-security] 20100203 Re: CVE request: kernel OOM/crash in drivers/connector", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/03/3" - }, - { - "name" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=561682", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=561682" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100088287", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100088287" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "DSA-1996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1996" - }, - { - "name" : "DSA-2005", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2005" - }, - { - "name" : "FEDORA-2010-1787", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" - }, - { - "name" : "FEDORA-2010-1804", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html" - }, - { - "name" : "MDVSA-2010:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088" - }, - { - "name" : "RHSA-2010:0161", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0161.html" - }, - { - "name" : "RHSA-2010:0398", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0398.html" - }, - { - "name" : "SUSE-SA:2010:018", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html" - }, - { - "name" : "SUSE-SA:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html" - }, - { - "name" : "SUSE-SA:2010:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2010_23_kernel.html" - }, - { - "name" : "SUSE-SA:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" - }, - { - "name" : "USN-914-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-914-1" - }, - { - "name" : "38058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38058" - }, - { - "name" : "oval:org.mitre.oval:def:10903", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10903" - }, - { - "name" : "38492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38492" - }, - { - "name" : "38557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38557" - }, - { - "name" : "38922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38922" - }, - { - "name" : "39649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39649" - }, - { - "name" : "39742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39742" - }, - { - "name" : "38779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38779" - }, - { - "name" : "39033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39033" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - }, - { - "name" : "ADV-2010-0638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-914-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-914-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8" + }, + { + "name": "ADV-2010-0638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0638" + }, + { + "name": "38557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38557" + }, + { + "name": "FEDORA-2010-1804", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html" + }, + { + "name": "oval:org.mitre.oval:def:10903", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10903" + }, + { + "name": "38779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38779" + }, + { + "name": "MDVSA-2010:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088" + }, + { + "name": "39649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39649" + }, + { + "name": "SUSE-SA:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" + }, + { + "name": "38922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38922" + }, + { + "name": "[oss-security] 20100203 Re: CVE request: kernel OOM/crash in drivers/connector", + 
"refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/03/3" + }, + { + "name": "SUSE-SA:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html" + }, + { + "name": "DSA-1996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1996" + }, + { + "name": "38058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38058" + }, + { + "name": "FEDORA-2010-1787", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561682", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561682" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7" + }, + { + "name": "39033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39033" + }, + { + "name": "RHSA-2010:0398", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0398.html" + }, + { + "name": "SUSE-SA:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html" + }, + { + "name": "SUSE-SA:2010:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "39742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39742" + }, + { + "name": 
"[oss-security] 20100203 CVE request: kernel OOM/crash in drivers/connector", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/03/1" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100088287", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100088287" + }, + { + "name": "DSA-2005", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2005" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "38492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38492" + }, + { + "name": "RHSA-2010:0161", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0161.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0626.json b/2010/0xxx/CVE-2010-0626.json index e1cc9bb50c7..53969326b9a 100644 --- a/2010/0xxx/CVE-2010-0626.json +++ b/2010/0xxx/CVE-2010-0626.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0626", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0869.json b/2010/0xxx/CVE-2010-0869.json index 8cd21763ca5..8e2d5ebba84 100644 --- a/2010/0xxx/CVE-2010-0869.json +++ b/2010/0xxx/CVE-2010-0869.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle E-Business Suite 5.5.05.07, 5.5.06.00, and 6.0.03 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "1023859", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023859" - }, - { - "name" : "39441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the Oracle Transportation Management component in Oracle E-Business Suite 5.5.05.07, 5.5.06.00, and 6.0.03 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "1023859", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023859" + }, + { + "name": "39441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39441" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1366.json b/2010/1xxx/CVE-2010-1366.json index 47148d57fe5..bbecc933425 100644 --- a/2010/1xxx/CVE-2010-1366.json +++ b/2010/1xxx/CVE-2010-1366.json 
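Review bot: The `ASSIGNER` value in CVE-2010-0869.json changes from `cve@mitre.org` to `secalert_us@oracle.com` inside a hunk that otherwise only respaces `"key" : ` to `"key": ` and reorders the `reference_data` entries, so the one semantic change is easy to miss among 77 rewritten lines. The same pattern is visible in the hunks for CVE-2010-1580 (`psirt@cisco.com`), CVE-2014-0157 and CVE-2014-0180 (`secalert@redhat.com`) and CVE-2014-4388 (`product-security@apple.com`). Any consumer that attributes or filters records by assigner would presumably see these records change owner, so I would land the assigner updates in their own commit, separate from the formatting pass. The new side of each file also ends with `\ No newline at end of file`, where the old side had a final newline; keeping it would avoid needless churn in later diffs.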
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/uigafanclub-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/uigafanclub-sql.txt" - }, - { - "name" : "11593", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11593", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11593" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/uigafanclub-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/uigafanclub-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1580.json b/2010/1xxx/CVE-2010-1580.json index 456afe67357..3f72db40f12 100644 --- a/2010/1xxx/CVE-2010-1580.json +++ b/2010/1xxx/CVE-2010-1580.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-1580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml" - }, - { - "name" : "40842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the 
SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40842" + }, + { + "name": "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3917.json b/2010/3xxx/CVE-2010-3917.json index 7efab207a76..650d6cfb583 100644 --- a/2010/3xxx/CVE-2010-3917.json +++ b/2010/3xxx/CVE-2010-3917.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4239.json b/2010/4xxx/CVE-2010-4239.json index 2ebb1808c69..0b6057ccb42 100644 --- a/2010/4xxx/CVE-2010-4239.json +++ b/2010/4xxx/CVE-2010-4239.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4600.json b/2010/4xxx/CVE-2010-4600.json index 7a16629e8b3..daa298bde04 100644 --- a/2010/4xxx/CVE-2010-4600.json +++ b/2010/4xxx/CVE-2010-4600.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an \"open direct\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" - }, - { - "name" : "PM15146", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146" - }, - { - "name" : "42624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dojo Toolkit, as used in the Web client in IBM 
Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an \"open direct\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" + }, + { + "name": "PM15146", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146" + }, + { + "name": "42624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42624" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4711.json b/2010/4xxx/CVE-2010-4711.json index 2bc2e88437e..18cf9ee66a1 100644 --- a/2010/4xxx/CVE-2010-4711.json +++ b/2010/4xxx/CVE-2010-4711.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-242/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-242/" - }, - { - "name" : "http://www.facebook.com/note.php?note_id=477865030928", - "refsource" : "CONFIRM", - "url" : "http://www.facebook.com/note.php?note_id=477865030928" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=647519", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=647519" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-242/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-242/" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1" + }, + { + "name": "http://www.facebook.com/note.php?note_id=477865030928", + "refsource": "CONFIRM", + "url": "http://www.facebook.com/note.php?note_id=477865030928" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=647519", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=647519" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4858.json b/2010/4xxx/CVE-2010-4858.json index c5911556112..b940f3fe7e5 100644 --- a/2010/4xxx/CVE-2010-4858.json +++ b/2010/4xxx/CVE-2010-4858.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15204", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15204" - }, - { - "name" : "http://packetstormsecurity.org/1010-exploits/dnetlivestats-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1010-exploits/dnetlivestats-lfi.txt" - }, - { - "name" : "43708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43708" - }, - { - "name" : "8417", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows 
remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8417", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8417" + }, + { + "name": "43708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43708" + }, + { + "name": "15204", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15204" + }, + { + "name": "http://packetstormsecurity.org/1010-exploits/dnetlivestats-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1010-exploits/dnetlivestats-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4871.json b/2010/4xxx/CVE-2010-4871.json index dc12b621c4b..64ae39ed727 100644 --- a/2010/4xxx/CVE-2010-4871.json +++ b/2010/4xxx/CVE-2010-4871.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://smartftp.com/forums/index.php?/topic/16425-smartftp-client-4-0-change-log", - "refsource" : "CONFIRM", - "url" : "http://smartftp.com/forums/index.php?/topic/16425-smartftp-client-4-0-change-log" - }, - { - "name" : "69136", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69136" - }, - { - "name" : "42060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42060" - }, - { - "name" : "smartftp-filename-unspecified(63113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to 
have an unknown impact via a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42060" + }, + { + "name": "http://smartftp.com/forums/index.php?/topic/16425-smartftp-client-4-0-change-log", + "refsource": "CONFIRM", + "url": "http://smartftp.com/forums/index.php?/topic/16425-smartftp-client-4-0-change-log" + }, + { + "name": "smartftp-filename-unspecified(63113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63113" + }, + { + "name": "69136", + "refsource": "OSVDB", + "url": "http://osvdb.org/69136" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0157.json b/2014/0xxx/CVE-2014-0157.json index 1ffc1ba3e84..83fccd6dfbc 100644 --- a/2014/0xxx/CVE-2014-0157.json +++ b/2014/0xxx/CVE-2014-0157.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140408 [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/08/8" - }, - { - "name" : "https://launchpad.net/bugs/1289033", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/1289033" - }, - { - "name" : "openSUSE-SU-2015:0078", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" - }, - { - "name" : "66706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66706" + }, + { + "name": "[oss-security] 20140408 [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/08/8" + }, + { + "name": "https://launchpad.net/bugs/1289033", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/1289033" + }, + { + "name": "openSUSE-SU-2015:0078", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0180.json b/2014/0xxx/CVE-2014-0180.json index 492854c4268..dffc6ef9e7c 100644 --- a/2014/0xxx/CVE-2014-0180.json +++ b/2014/0xxx/CVE-2014-0180.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0816.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0621.json b/2014/0xxx/CVE-2014-0621.json index 6555119e802..84df159c1fd 100644 --- a/2014/0xxx/CVE-2014-0621.json +++ b/2014/0xxx/CVE-2014-0621.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30667", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30667", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30667" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4388.json b/2014/4xxx/CVE-2014-4388.json index 111e1422659..2c85976d1ad 100644 --- a/2014/4xxx/CVE-2014-4388.json +++ b/2014/4xxx/CVE-2014-4388.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69948" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144388-code-exec(96093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "appleios-cve20144388-code-exec(96093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96093" + }, + { + "name": "69948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69948" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4406.json b/2014/4xxx/CVE-2014-4406.json index efe5f8f56de..a9c01ff2c88 100644 --- a/2014/4xxx/CVE-2014-4406.json +++ b/2014/4xxx/CVE-2014-4406.json 
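Review bot: The new `"ASSIGNER": "product-security@apple.com",` line in `CVE_data_meta` is a real data change (it was `cve@mitre.org`), and it sits inside what is otherwise a whitespace and ordering rewrite of the whole record. The same kind of change appears in the hunks for CVE-2014-4406 and CVE-2014-4427 (also `product-security@apple.com`) and CVE-2014-8036 (`psirt@cisco.com`), while the other records in this part of the diff keep `cve@mitre.org`. Anyone who attributes or filters records by assigner has to find these four lines among hundreds of reformatted ones. I would land the ASSIGNER updates as their own commit, or at least list the affected IDs in the commit description, which is not visible from here.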
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html", - "refsource" : "MISC", - "url" : "http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html" - }, - { - "name" : "http://support.apple.com/kb/HT6448", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6448" - }, - { - "name" : "https://support.apple.com/kb/HT6536", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6536" - }, - { - "name" : "APPLE-SA-2014-10-16-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" - }, - { - "name" : "69935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69935" - }, - { 
- "name" : "1030870", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030870" - }, - { - "name" : "61307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61307" - }, - { - "name" : "macosx-cve20144406-xss(96047)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6448", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6448" + }, + { + "name": "macosx-cve20144406-xss(96047)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96047" + }, + { + "name": "APPLE-SA-2014-10-16-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" + }, + { + "name": "69935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69935" + }, + { + "name": "http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html", + "refsource": "MISC", + "url": "http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html" + }, + { + "name": "https://support.apple.com/kb/HT6536", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6536" + }, + { + "name": "1030870", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030870" + }, + { + "name": "61307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61307" + } + ] + } +} \ No newline at 
end of file diff --git a/2014/4xxx/CVE-2014-4427.json b/2014/4xxx/CVE-2014-4427.json index ea115868933..8ec77f04b3c 100644 --- a/2014/4xxx/CVE-2014-4427.json +++ b/2014/4xxx/CVE-2014-4427.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "70635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70635" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144427-sec-bypass(97642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70635" + }, + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "macosx-cve20144427-sec-bypass(97642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97642" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4592.json b/2014/4xxx/CVE-2014-4592.json index ef4c44b65cc..f79a70f3efd 100644 --- a/2014/4xxx/CVE-2014-4592.json +++ b/2014/4xxx/CVE-2014-4592.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4604.json b/2014/4xxx/CVE-2014-4604.json index ff1964d2193..85357266cfe 100644 --- a/2014/4xxx/CVE-2014-4604.json +++ b/2014/4xxx/CVE-2014-4604.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8036.json b/2014/8xxx/CVE-2014-8036.json index 3185f59b1d3..06d8a0b15a6 100644 --- a/2014/8xxx/CVE-2014-8036.json +++ b/2014/8xxx/CVE-2014-8036.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150109 Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036" - }, - { - "name" : "71982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71982" - }, - { - "name" : "60330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60330" - }, - { - "name" : "cisco-webex-cve20148036-sec-bypass(100571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71982" + }, + { + "name": "cisco-webex-cve20148036-sec-bypass(100571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100571" + }, + { + "name": "20150109 Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036" + }, + { + "name": "60330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60330" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8381.json b/2014/8xxx/CVE-2014-8381.json index d176e11138a..85eda0dd8ac 100644 --- a/2014/8xxx/CVE-2014-8381.json +++ b/2014/8xxx/CVE-2014-8381.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141017 XSS vulnerabilities in Megapolis.Portal Manager", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/77" - }, - { - "name" : "http://packetstormsecurity.com/files/128725/Megapolis.Portal-Manager-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128725/Megapolis.Portal-Manager-Cross-Site-Scripting.html" - }, - { - "name" : "http://websecurity.com.ua/7398/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/7398/" - }, - { - "name" : "70615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70615" - }, - { - "name" : "megapolisportalmanager-category-xss(97649)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/97649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70615" + }, + { + "name": "20141017 XSS vulnerabilities in Megapolis.Portal Manager", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/77" + }, + { + "name": "http://websecurity.com.ua/7398/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/7398/" + }, + { + "name": "megapolisportalmanager-category-xss(97649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97649" + }, + { + "name": "http://packetstormsecurity.com/files/128725/Megapolis.Portal-Manager-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128725/Megapolis.Portal-Manager-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9221.json b/2014/9xxx/CVE-2014-9221.json index 42cf514d8b0..2a4c6379ecd 100644 --- a/2014/9xxx/CVE-2014-9221.json +++ b/2014/9xxx/CVE-2014-9221.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html", - "refsource" : "CONFIRM", - "url" : "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html" - }, - { - "name" : "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-(cve-2014-9221).html", - "refsource" : "CONFIRM", - "url" : "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-(cve-2014-9221).html" - }, - { - "name" : "DSA-3118", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3118" - }, - { - "name" : "FEDORA-2015-3043", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html" - }, - { - "name" : "openSUSE-SU-2015:0114", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html" - }, - { - "name" : "USN-2450-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2450-1" - }, - { - "name" : "71894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71894" - }, - { - "name" : "62071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62071" - }, - { - "name" : "62095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62095" - }, - { - "name" : "62663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62663" - }, - { - "name" : "62083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62095" + }, + { + "name": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-(cve-2014-9221).html", + "refsource": "CONFIRM", + "url": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-(cve-2014-9221).html" + }, + { + "name": "USN-2450-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2450-1" + }, + { + "name": "DSA-3118", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3118" + }, + { + "name": "62071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62071" + }, + { + "name": "FEDORA-2015-3043", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html" + }, + { + "name": "62663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62663" + }, + { + "name": "openSUSE-SU-2015:0114", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html" + }, + { + "name": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html", + "refsource": "CONFIRM", + "url": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html" + }, + { + "name": "62083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62083" + }, + { + "name": "71894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71894" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9668.json b/2014/9xxx/CVE-2014-9668.json index 078ea4f247a..29ee10f0252 100644 --- a/2014/9xxx/CVE-2014-9668.json +++ b/2014/9xxx/CVE-2014-9668.json 
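Review bot: The eleven `reference_data` entries on the new side are the same set as on the old side, but in a different order with no visible sort key (SECUNIA, CONFIRM, UBUNTU, DEBIAN and BID entries are interleaved), so a reviewer has to compare the sets by hand to confirm nothing was added or dropped. The same shuffle shows up in the hunks for CVE-2014-4388, CVE-2014-4406, CVE-2014-4427, CVE-2014-8036, CVE-2014-8381, CVE-2014-9668 and CVE-2014-9736. If the order comes from the tool that wrote these files, which is how it looks, emitting the array in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs limited to real reference changes. The new side also ends with `\ No newline at end of file` where the old side had a final newline; keeping the trailing newline is the usual convention for files under version control.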
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=164", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=164" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538" - }, - { - "name" : "FEDORA-2015-2216", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" - }, - { - "name" : "FEDORA-2015-2237", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" - }, - { - "name" : "GLSA-201503-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-05" - }, - { - "name" : "openSUSE-SU-2015:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" - }, - { - "name" : "USN-2510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2510-1" - }, - { - "name" : "USN-2739-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2739-1" - }, - { - "name" : "72986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=164", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=164" + }, + { + "name": "GLSA-201503-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-05" + }, + { + "name": "72986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72986" + }, + { + "name": "USN-2739-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2739-1" + }, + { + "name": "openSUSE-SU-2015:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" + }, + { + "name": "FEDORA-2015-2216", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" + }, + { + "name": "USN-2510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2510-1" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538" + }, + { + "name": "FEDORA-2015-2237", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9736.json b/2014/9xxx/CVE-2014-9736.json index fe34aca56b1..f8ce1876414 100644 --- a/2014/9xxx/CVE-2014-9736.json +++ b/2014/9xxx/CVE-2014-9736.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA&DIRECTION=DOC1474072&FILENAME=DOC1474072_ATR_InstSvcMan.pdf&FILEREV=--&DOCREV_ORG=--", - "refsource" : "CONFIRM", - "url" : 
"http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA&DIRECTION=DOC1474072&FILENAME=DOC1474072_ATR_InstSvcMan.pdf&FILEREV=--&DOCREV_ORG=--" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA&DIRECTION=DOC1474072&FILENAME=DOC1474072_ATR_InstSvcMan.pdf&FILEREV=--&DOCREV_ORG=--", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA&DIRECTION=DOC1474072&FILENAME=DOC1474072_ATR_InstSvcMan.pdf&FILEREV=--&DOCREV_ORG=--" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3251.json b/2016/3xxx/CVE-2016-3251.json index 83e3e6233fd..c7fba8ec9bf 100644 --- a/2016/3xxx/CVE-2016-3251.json +++ b/2016/3xxx/CVE-2016-3251.json 
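Review bot: The rewritten CVE-2014-9736.json ends at `+}` with `\ No newline at end of file`, whereas the old side's closing `-}` carries no such marker, so the reformat drops the trailing newline. The other file sections visible in this diff end the same way, CVE-2016-3251 through CVE-2016-7101. The formatter should emit a final LF after the closing brace, so that later edits do not show a spurious change on the last line and line-oriented tools read the file cleanly. Separately, the `reference_data` entries are reordered here with no content change, which adds diff noise; a stable, documented ordering would make real reference changes easier to spot.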
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka \"Win32k Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-090" - }, - { - "name" : "1036288", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, 
Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka \"Win32k Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-090" + }, + { + "name": "1036288", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036288" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3448.json b/2016/3xxx/CVE-2016-3448.json index c26187fa15f..8401ab18ef9 100644 --- a/2016/3xxx/CVE-2016-3448.json +++ b/2016/3xxx/CVE-2016-3448.json 
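Review bot: In CVE-2016-3251.json, `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com`, and it is the only value change in a hunk that otherwise just normalises `"key" : value` spacing. This is a provenance field that downstream consumers may attribute or filter on, so it is worth calling out in the commit message, or landing separately from the reformat, and confirming against the CNA of record. The same silent change appears in the CVE-2016-3448 and CVE-2016-3485 hunks, where the value becomes `secalert_us@oracle.com`.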
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91885" - }, - { - "name" : "1036363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Application 
Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036363" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91885" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3485.json b/2016/3xxx/CVE-2016-3485.json index f97257ee1e0..483b3a1e204 100644 --- a/2016/3xxx/CVE-2016-3485.json +++ b/2016/3xxx/CVE-2016-3485.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10166", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10166" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160721-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160721-0001/" - }, - { - "name" : "GLSA-201610-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-08" - }, - { - "name" : "GLSA-201701-43", - "refsource" : 
"GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-43" - }, - { - "name" : "SUSE-SU-2016:2261", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:2286", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html" - }, - { - "name" : "SUSE-SU-2016:1997", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" - }, - { - "name" : "SUSE-SU-2016:2012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1979", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:2050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" - }, - { - "name" : "openSUSE-SU-2016:2051", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" - }, - { - "name" : "openSUSE-SU-2016:2052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" - }, - { - "name" : "openSUSE-SU-2016:2058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "1036365", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors 
related to Networking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:2261", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "GLSA-201610-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-08" + }, + { + "name": "SUSE-SU-2016:2012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" + }, + { + "name": "openSUSE-SU-2016:2052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160721-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160721-0001/" + }, + { + "name": "SUSE-SU-2016:2286", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html" + }, + { + "name": "openSUSE-SU-2016:2051", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" + }, + { + "name": "1036365", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036365" + }, + { + "name": "GLSA-201701-43", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-43" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "SUSE-SU-2016:1997", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" + }, + { + "name": "openSUSE-SU-2016:2050", + "refsource": "SUSE", + 
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10166", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10166" + }, + { + "name": "openSUSE-SU-2016:1979", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" + }, + { + "name": "openSUSE-SU-2016:2058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3639.json b/2016/3xxx/CVE-2016-3639.json index 474946a6668..dea3c41436c 100644 --- a/2016/3xxx/CVE-2016-3639.json +++ b/2016/3xxx/CVE-2016-3639.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160818 Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/83" - }, - { - "name" : "http://onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosure", - "refsource" : "MISC", - "url" : "http://onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosure" - }, - { - "name" : "http://packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.html" - }, - { - "name" : "92547", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/92547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosure", + "refsource": "MISC", + "url": "http://onapsis.com/research/security-advisories/sap-hana-get-topology-information-disclosure" + }, + { + "name": "http://packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138428/SAP-HANA-1.00.091.00.1418659308-Information-Disclosure.html" + }, + { + "name": "92547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92547" + }, + { + "name": "20160818 Onapsis Security Advisory ONAPSIS-2016-006: SAP HANA Get Topology Information", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/83" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6125.json b/2016/6xxx/CVE-2016-6125.json index d5740ea5adb..a402dc27295 100644 --- a/2016/6xxx/CVE-2016-6125.json +++ b/2016/6xxx/CVE-2016-6125.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LMS on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "13.0" - }, - { - "version_value" : "13.1" - }, - { - "version_value" : "13.2" - }, - { - "version_value" : "13.2.2" - }, - { - "version_value" : "13.2.3" - }, - { - "version_value" : "13.2.4" - }, - { - "version_value" : "14.0.0" - }, - { - "version_value" : "14.1.0" - }, - { - "version_value" : "14.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LMS on Cloud", + "version": { + "version_data": [ + { + "version_value": "13.0" + }, + { + "version_value": "13.1" + }, + { + "version_value": "13.2" + }, + { + "version_value": "13.2.2" + }, + { + "version_value": "13.2.3" + }, + { + "version_value": "13.2.4" + }, + { + "version_value": "14.0.0" + }, + { + "version_value": "14.1.0" + }, + { + "version_value": "14.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982" - }, - { - "name" : "94327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993982", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993982" + }, + { + "name": "94327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94327" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6368.json b/2016/6xxx/CVE-2016-6368.json index b4f90cc7809..4eea98038ff 100644 --- a/2016/6xxx/CVE-2016-6368.json +++ b/2016/6xxx/CVE-2016-6368.json 
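Review bot: In CVE-2016-6125.json the `affects` block and the description disagree on the affected range, and the reformat carries the mismatch over unchanged. `version_data` lists `13.0`, `14.0.0`, `14.1.0` and `14.2.0`, none of which the description names; it says "13.1 and 13.2 - 13.2.4", and `13.2.1` falls inside that range but is missing from `version_data`. Anyone matching inventory against `version_value` will get different results from someone reading the text. The record should be checked against the IBM advisory in `reference_data` and the two fields aligned.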
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Detection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower Detection Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. 
This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Detection Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower Detection Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort" - }, - { - "name" : "97932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97932" - }, - { - "name" : "98292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98292" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort" + }, + { + "name": "98292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98292" + }, + { + "name": "97932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97932" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6585.json b/2016/6xxx/CVE-2016-6585.json index 141659e710d..f8ac813485b 100644 --- a/2016/6xxx/CVE-2016-6585.json +++ b/2016/6xxx/CVE-2016-6585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
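Review bot: In CVE-2016-6368.json the structured `affects` data is not usable for automated matching, and this commit keeps it as is. `"vendor_name"` is `"n/a"` although the assigner is `psirt@cisco.com` and the product is a Cisco one, and `"version_value"` repeats the product name `"Cisco Firepower Detection Engine"` instead of giving a version. The fixed releases (5.4.0.10, 5.4.1.9, 6.0.1.3, 6.1.0, 6.2.0) appear only in the free-text description. Setting the vendor name and expressing the affected versions in `version_data` would let scanners and SBOM tooling evaluate exposure without parsing prose.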
diff --git a/2016/6xxx/CVE-2016-6804.json b/2016/6xxx/CVE-2016-6804.json index 2ddb2f31718..623b971dfbd 100644 --- a/2016/6xxx/CVE-2016-6804.json +++ b/2016/6xxx/CVE-2016-6804.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-11-18T00:00:00", - "ID" : "CVE-2016-6804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OpenOffice", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.0 to 4.1.2" - }, - { - "version_value" : "older releases are also affected, including some branded as OpenOffice.org" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary Code Execution at installation time" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-11-18T00:00:00", + "ID": "CVE-2016-6804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OpenOffice", + "version": { + "version_data": [ + { + "version_value": "4.0.0 to 4.1.2" + }, + { + "version_value": "older releases are also affected, including some branded as OpenOffice.org" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.openoffice.org/security/cves/CVE-2016-6804.html", - "refsource" : "CONFIRM", - "url" : "https://www.openoffice.org/security/cves/CVE-2016-6804.html" - }, - { - "name" : "93774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93774" - }, - { - "name" : "1037016", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution at installation time" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openoffice.org/security/cves/CVE-2016-6804.html", + "refsource": "CONFIRM", + "url": "https://www.openoffice.org/security/cves/CVE-2016-6804.html" + }, + { + "name": "93774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93774" + }, + { + "name": "1037016", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037016" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7101.json b/2016/7xxx/CVE-2016-7101.json index b9f00e37e7e..a6ef24afeed 100644 --- a/2016/7xxx/CVE-2016-7101.json +++ b/2016/7xxx/CVE-2016-7101.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160926 CVE-2016-7101 - ImageMagick SGI Coder Out-Of-Bounds Read Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/26/8" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/7afcf9f71043df15508e46f079387bd4689a738d", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/7afcf9f71043df15508e46f079387bd4689a738d" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/8f8959033e4e59418d6506b345829af1f7a71127", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/ImageMagick/ImageMagick/commit/8f8959033e4e59418d6506b345829af1f7a71127" - }, - { - "name" : "93181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93181" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/7afcf9f71043df15508e46f079387bd4689a738d", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/7afcf9f71043df15508e46f079387bd4689a738d" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776" + }, + { + "name": "[oss-security] 20160926 CVE-2016-7101 - ImageMagick SGI Coder Out-Of-Bounds Read Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/26/8" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/8f8959033e4e59418d6506b345829af1f7a71127", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/8f8959033e4e59418d6506b345829af1f7a71127" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7474.json b/2016/7xxx/CVE-2016-7474.json index 5540c35ec7f..03833e16893 100644 --- a/2016/7xxx/CVE-2016-7474.json +++ b/2016/7xxx/CVE-2016-7474.json 
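Review bot: The rewritten CVE-2016-7101.json ends without a trailing newline: the closing `+}` is followed by `\ No newline at end of file`, while the removed `-}` had one. The same marker follows the closing brace of every other file section visible in this diff. Tools that concatenate or line-count these records (`cat`, `wc -l`, line-oriented diffing) behave more predictably when each file ends in a newline, so the serializer should emit a final `\n` after `}`. Separately, the `reference_data` entries in this hunk are reordered with no content change; a stable output order would keep later diffs of these records reviewable.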
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-7474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM", - "version" : { - "version_data" : [ - { - "version_value" : "10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "MCPD data on disk may expose sensitive parameters" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-7474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM", + "version": { + "version_data": [ + { + "version_value": "10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K52180214", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K52180214" - }, - { - "name" : "97198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97198" - }, - { - "name" : 
"1038133", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MCPD data on disk may expose sensitive parameters" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K52180214", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K52180214" + }, + { + "name": "97198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97198" + }, + { + "name": "1038133", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038133" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7718.json b/2016/7xxx/CVE-2016-7718.json index c13e8671674..1316ae12053 100644 --- a/2016/7xxx/CVE-2016-7718.json +++ b/2016/7xxx/CVE-2016-7718.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7718", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7718", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7768.json b/2016/7xxx/CVE-2016-7768.json index 40c751fcddf..ebc639deb2e 100644 --- a/2016/7xxx/CVE-2016-7768.json +++ b/2016/7xxx/CVE-2016-7768.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7768", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7768", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7809.json b/2016/7xxx/CVE-2016-7809.json index d6bc02a2a0e..ef8368412f0 100644 --- a/2016/7xxx/CVE-2016-7809.json +++ b/2016/7xxx/CVE-2016-7809.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CG-WLR300NX", - "version" : { - "version_data" : [ - { - "version_value" : "firmware Ver. 1.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Corega Inc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CG-WLR300NX", + "version": { + "version_data": [ + { + "version_value": "firmware Ver. 
1.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Corega Inc" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://corega.jp/support/security/20161111_wlr300nx.htm", - "refsource" : "CONFIRM", - "url" : "http://corega.jp/support/security/20161111_wlr300nx.htm" - }, - { - "name" : "JVN#23823838", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN23823838/index.html" - }, - { - "name" : "94248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#23823838", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN23823838/index.html" + }, + { + "name": "http://corega.jp/support/security/20161111_wlr300nx.htm", + "refsource": "CONFIRM", + "url": "http://corega.jp/support/security/20161111_wlr300nx.htm" + }, + { + "name": "94248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94248" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7812.json b/2016/7xxx/CVE-2016-7812.json index d1489deb4c7..8673cdd827b 100644 --- a/2016/7xxx/CVE-2016-7812.json +++ b/2016/7xxx/CVE-2016-7812.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android", - "version" : { - "version_data" : [ - { - "version_value" : "ver5.3.1" - } - ] - } - }, - { - "product_name" : "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android", - "version" : { - "version_data" : [ - { - "version_value" : "ver5.2.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "The Bank of Tokyo-Mitsubishi UFJ, Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android", + "version": { + "version_data": [ + { + "version_value": "ver5.3.1" + } + ] + } + }, + { + "product_name": "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android", + "version": { + "version_data": [ + { + "version_value": "ver5.2.2 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "The Bank of Tokyo-Mitsubishi UFJ, Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jvn.jp/en/vu/JVNVU92900492/", - "refsource" : "MISC", - "url" : "https://jvn.jp/en/vu/JVNVU92900492/" - }, - { - "name" : "94829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jvn.jp/en/vu/JVNVU92900492/", + "refsource": "MISC", + "url": "https://jvn.jp/en/vu/JVNVU92900492/" + }, + { + "name": "94829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94829" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8132.json b/2016/8xxx/CVE-2016-8132.json index 796192bdc45..68b20c7bdf0 100644 --- a/2016/8xxx/CVE-2016-8132.json +++ b/2016/8xxx/CVE-2016-8132.json 
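Review bot: In CVE-2016-7812.json the new side still carries `"value": "Untrusted search path vulnerability"` under `problemtype`, which does not match the description in the same record: a man-in-the-middle downgrade from TLS v1.2 to SSL v3.0 that exposes encrypted traffic. The reformat copies the mismatch over unchanged. Anyone triaging or mapping weakness classes from `problemtype` alone would file this as a DLL/search-path issue rather than a transport-security one. The field should describe the protocol downgrade, with the exact wording taken from the assigning CNA's advisory (the JVN reference listed in the record) rather than guessed here.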
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8132", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8132", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8216.json b/2016/8xxx/CVE-2016-8216.json index 2a4656e6cc7..db3180c6309 100644 --- a/2016/8xxx/CVE-2016-8216.json +++ b/2016/8xxx/CVE-2016-8216.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-8216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-8216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10", + "version": { + "version_data": [ + { + "version_value": "EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540059/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540059/30/0/threaded" - }, - { - "name" : "95829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95829" - }, - { - "name" : "1037728", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious 
users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/archive/1/540059/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540059/30/0/threaded" + }, + { + "name": "1037728", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037728" + }, + { + "name": "95829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95829" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8432.json b/2016/8xxx/CVE-2016-8432.json index e941016d6f2..02c6034c750 100644 --- a/2016/8xxx/CVE-2016-8432.json +++ b/2016/8xxx/CVE-2016-8432.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95236" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8569.json b/2016/8xxx/CVE-2016-8569.json index 4b48bd19bed..c2d3336dcaf 100644 --- a/2016/8xxx/CVE-2016-8569.json +++ b/2016/8xxx/CVE-2016-8569.json 
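Review bot: In CVE-2016-8432.json this hunk changes a data value, not only formatting: the old side has `"ASSIGNER" : "security@google.com"` and the new side has `"ASSIGNER": "security@android.com"`. Every other field in the hunk appears to differ only in whitespace, so the change is easy to miss in review. Consumers that attribute, filter or de-duplicate records by assigner will see this record move to a different identity. If the change is intentional (presumably a CNA contact update), it should be stated in the commit message or split into its own commit; if it is a side effect of the regeneration, the original value should be restored.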
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383211", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383211" - }, - { - "name" : "https://github.com/libgit2/libgit2/issues/3937", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgit2/libgit2/issues/3937" - }, - { - "name" : "https://github.com/libgit2/libgit2/releases/tag/v0.24.3", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgit2/libgit2/releases/tag/v0.24.3" - }, - { - "name" : 
"FEDORA-2016-505d7fe198", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/" - }, - { - "name" : "FEDORA-2016-616a35205b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/" - }, - { - "name" : "FEDORA-2016-bc51f4636f", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/" - }, - { - "name" : "openSUSE-SU-2016:3097", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html" - }, - { - "name" : "openSUSE-SU-2017:0184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html" - }, - { - "name" : "openSUSE-SU-2017:0195", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html" - }, - { - "name" : "openSUSE-SU-2017:0208", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html" - }, - { - "name" : "93465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211" + }, + { + "name": "FEDORA-2016-616a35205b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/" + }, + { + "name": "93465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93465" + }, + { + "name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/7" + }, + { + "name": "https://github.com/libgit2/libgit2/issues/3937", + "refsource": "CONFIRM", + "url": "https://github.com/libgit2/libgit2/issues/3937" + }, + { + "name": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3", + "refsource": "CONFIRM", + "url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3" + }, + { + "name": "openSUSE-SU-2016:3097", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html" + }, + { + "name": "FEDORA-2016-505d7fe198", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/" + }, + { + "name": "openSUSE-SU-2017:0208", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html" + }, + { + "name": "openSUSE-SU-2017:0195", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html" + }, + { + "name": "openSUSE-SU-2017:0184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html" + }, + { + "name": 
"FEDORA-2016-bc51f4636f", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/" + } + ] + } +} \ No newline at end of file