diff --git a/2006/1xxx/CVE-2006-1104.json b/2006/1xxx/CVE-2006-1104.json index 364c66725e1..1accaf6284b 100644 --- a/2006/1xxx/CVE-2006-1104.json +++ b/2006/1xxx/CVE-2006-1104.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060304 Pixel Post Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426764/100/0/threaded" - }, - { - "name" : "http://www.neosecurityteam.net/index.php?action=advisories&id=19", - "refsource" : "MISC", - "url" : "http://www.neosecurityteam.net/index.php?action=advisories&id=19" - }, - { - "name" : "http://forum.pixelpost.org/showthread.php?t=3535", - "refsource" : "MISC", - "url" : "http://forum.pixelpost.org/showthread.php?t=3535" - }, - { - "name" : "16964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16964" - }, - { - "name" : "ADV-2006-0823", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0823" - }, - { - "name" : "pixelpost-functions-sql-injection(25046)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25046" - }, - { - "name" : "pixelpost-index-sql-injection(25044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.pixelpost.org/showthread.php?t=3535", + "refsource": "MISC", + "url": "http://forum.pixelpost.org/showthread.php?t=3535" + }, + { + "name": "http://www.neosecurityteam.net/index.php?action=advisories&id=19", + "refsource": "MISC", + "url": "http://www.neosecurityteam.net/index.php?action=advisories&id=19" + }, + { + "name": "pixelpost-functions-sql-injection(25046)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25046" + }, + { + "name": "20060304 Pixel Post Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426764/100/0/threaded" + }, + { + "name": "16964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16964" + }, + { + "name": "ADV-2006-0823", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0823" + }, + { + "name": "pixelpost-index-sql-injection(25044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25044" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5610.json b/2006/5xxx/CVE-2006-5610.json index 59b4a3e435b..57a74131e6d 100644 --- a/2006/5xxx/CVE-2006-5610.json +++ b/2006/5xxx/CVE-2006-5610.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22499" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5933.json b/2006/5xxx/CVE-2006-5933.json index 5c24b982bdb..12b1260bb15 100644 --- a/2006/5xxx/CVE-2006-5933.json +++ b/2006/5xxx/CVE-2006-5933.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061112 UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451367/100/0/threaded" - }, - { - "name" : "1873", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1873", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1873" + }, + { + "name": "20061112 UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451367/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2411.json b/2007/2xxx/CVE-2007-2411.json index 8211c605125..648ce313801 100644 --- a/2007/2xxx/CVE-2007-2411.json +++ b/2007/2xxx/CVE-2007-2411.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that \"the application is not vulnerable to this issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070428 Sphider Version 1.2.x (include_dir) file include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467102/100/0/threaded" - }, - { - "name" : "20070430 Re: Sphider Version 1.2.x (include_dir) file include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467220/100/0/threaded" - }, - { - "name" : "23699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23699" - }, - { - "name" : "34174", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34174" - }, - { - "name" : "2648", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2648" - }, - { - "name" : "sphider-index-file-include(33963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that \"the application is not vulnerable to this issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2648", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2648" + }, + { + "name": "20070428 Sphider Version 1.2.x (include_dir) file include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467102/100/0/threaded" + }, + { + "name": "23699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23699" + }, + { + "name": "sphider-index-file-include(33963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33963" + }, + { + "name": "34174", + "refsource": "OSVDB", + "url": "http://osvdb.org/34174" + }, + { + "name": "20070430 Re: Sphider Version 1.2.x (include_dir) file include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467220/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2467.json b/2007/2xxx/CVE-2007-2467.json index 24a48aec2e5..b2baa30f35f 100644 --- a/2007/2xxx/CVE-2007-2467.json +++ b/2007/2xxx/CVE-2007-2467.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070501 ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467269/100/0/threaded" - }, - { - "name" : "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-validation-of-vsdatant-driver-input-buffer.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-validation-of-vsdatant-driver-input-buffer.php" - }, - { - "name" : "23734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23734" - }, - { - "name" : "ADV-2007-1608", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1608" - }, - { - "name" : "35240", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35240" - }, - { - "name" : "25064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25064" - }, - { - "name" : "zonealarm-vsdatant-inputbuffer-dos(34028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23734" + }, + { + "name": "ADV-2007-1608", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1608" + }, + { + "name": "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-validation-of-vsdatant-driver-input-buffer.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-validation-of-vsdatant-driver-input-buffer.php" + }, + { + "name": "zonealarm-vsdatant-inputbuffer-dos(34028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34028" + }, + { + "name": "35240", + "refsource": "OSVDB", + "url": "http://osvdb.org/35240" + }, + { + "name": "20070501 ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467269/100/0/threaded" + }, + { + "name": "25064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25064" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2690.json b/2007/2xxx/CVE-2007-2690.json index 818a4bd51b2..95d430acd48 100644 --- a/2007/2xxx/CVE-2007-2690.json +++ b/2007/2xxx/CVE-2007-2690.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468633/100/0/threaded" - }, - { - "name" : "http://www.gamasec.net/english/gs07-01.html", - "refsource" : "MISC", - "url" : "http://www.gamasec.net/english/gs07-01.html" - }, - { - "name" : "VU#739224", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/739224" - }, - { - "name" : "1018068", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739224", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/739224" + }, + { + "name": "1018068", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018068" + }, + { + "name": "http://www.gamasec.net/english/gs07-01.html", + "refsource": "MISC", + "url": "http://www.gamasec.net/english/gs07-01.html" + }, + { + "name": "20070515 GS07-01 Full-Width and Half-Width Unicode Encoding IDS/IPS/WAF Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468633/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3297.json b/2007/3xxx/CVE-2007-3297.json index b5770cdda75..f3ab17002a8 100644 --- a/2007/3xxx/CVE-2007-3297.json +++ b/2007/3xxx/CVE-2007-3297.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4085", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4085" - }, - { - "name" : "24554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24554" - }, - { - "name" : "ADV-2007-2266", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2266" - }, - { - "name" : "37517", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37517" - }, - { - "name" : "37518", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37518" - }, - { - "name" : "37519", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37519" - }, - { - "name" : "25751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25751" - }, - { - "name" : "musoo-extlibpath-file-include(34950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37517", + "refsource": "OSVDB", + "url": "http://osvdb.org/37517" + }, + { + "name": "37519", + "refsource": "OSVDB", + "url": "http://osvdb.org/37519" + }, + { + "name": "4085", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4085" + }, + { + "name": "37518", + "refsource": "OSVDB", + "url": "http://osvdb.org/37518" + }, + { + "name": "25751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25751" + }, + { + "name": "ADV-2007-2266", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2266" + }, + { + "name": "musoo-extlibpath-file-include(34950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34950" + }, + { + "name": "24554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24554" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3419.json b/2007/3xxx/CVE-2007-3419.json index 7d575b5d50b..c92efeda03a 100644 --- a/2007/3xxx/CVE-2007-3419.json +++ b/2007/3xxx/CVE-2007-3419.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" - }, - { - "name" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" - }, - { - "name" : "45400", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" + }, + { + "name": "45400", + "refsource": "OSVDB", + "url": "http://osvdb.org/45400" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6132.json b/2007/6xxx/CVE-2007-6132.json index cd90f998a17..3b92a6d1d0a 100644 --- a/2007/6xxx/CVE-2007-6132.json +++ b/2007/6xxx/CVE-2007-6132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6132", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-6132", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6312.json b/2007/6xxx/CVE-2007-6312.json index f7def915eb6..5852fb1ba8d 100644 --- a/2007/6xxx/CVE-2007-6312.json +++ b/2007/6xxx/CVE-2007-6312.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071210 Advisory: Websense XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484824/100/0/threaded" - }, - { - "name" : "http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/" - }, - { - "name" : "http://www.websense.com/SupportPortal/SupportKbs/1840.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/SupportPortal/SupportKbs/1840.aspx" - }, - { - "name" : "26793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26793" - }, - { - "name" : "ADV-2007-4158", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4158" - }, - { - "name" : "1019066", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019066" - }, - { - "name" : "28019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28019" - }, - { - "name" : "3432", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3432" - }, - { - "name" : "websenseenterprise-logon-page-xss(38936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26793" + }, + { + "name": "http://www.websense.com/SupportPortal/SupportKbs/1840.aspx", + "refsource": "CONFIRM", + "url": "http://www.websense.com/SupportPortal/SupportKbs/1840.aspx" + }, + { + "name": "20071210 Advisory: Websense XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484824/100/0/threaded" + }, + { + "name": "http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/", + "refsource": "MISC", + "url": "http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/" + }, + { + "name": "ADV-2007-4158", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4158" + }, + { + "name": "1019066", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019066" + }, + { + "name": "3432", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3432" + }, + { + "name": "28019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28019" + }, + { + "name": "websenseenterprise-logon-page-xss(38936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38936" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6336.json b/2007/6xxx/CVE-2007-6336.json index 96c5022e51b..7ae776d662b 100644 --- a/2007/6xxx/CVE-2007-6336.json +++ b/2007/6xxx/CVE-2007-6336.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "DSA-1435", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1435" - }, - { - "name" : "FEDORA-2008-0115", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html" - }, - { - "name" : "FEDORA-2008-0170", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html" - }, - { - "name" : "GLSA-200712-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-20.xml" - }, - { - "name" : "MDVSA-2008:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003" - }, - { - "name" : "SUSE-SR:2008:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" - }, - { - "name" : "26946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26946" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1019150", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019150" - }, - { - "name" : "28176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28176" - }, - { - "name" : "28278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28278" - }, - { - "name" : "28153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28153" - }, - { - "name" : "28421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28421" - }, - { - "name" : "28412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28412" - }, - { - "name" : "28587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28587" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "clamantivirus-mszip-bo(39169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2008:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003" + }, + { + "name": "DSA-1435", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1435" + }, + { + "name": "28412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28412" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "FEDORA-2008-0170", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html" + }, + { + "name": "28421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28421" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "FEDORA-2008-0115", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html" + }, + { + "name": "28176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28176" + }, + { + "name": "28587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28587" + }, + { + "name": "clamantivirus-mszip-bo(39169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169" + }, + { + "name": "28153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28153" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "GLSA-200712-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-20.xml" + }, + { + "name": "26946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26946" + }, + { + "name": "1019150", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019150" + }, + { + "name": "28278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28278" + }, + { + "name": "SUSE-SR:2008:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6421.json b/2007/6xxx/CVE-2007-6421.json index 1bf3f35e845..fb64e3158d5 100644 --- a/2007/6xxx/CVE-2007-6421.json +++ b/2007/6xxx/CVE-2007-6421.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486169/100/0/threaded" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_22.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_22.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "FEDORA-2008-1695", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html" - }, - { - "name" : "FEDORA-2008-1711", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" - }, - { - "name" : "MDVSA-2008:016", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" - }, - { - "name" : "RHSA-2008:0008", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0008.html" - }, - { - "name" : "RHSA-2008:0009", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0009.html" - }, - { - "name" : "SUSE-SA:2008:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" - }, - { - "name" : "USN-575-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-575-1" - }, - { - "name" : "27236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27236" - }, - { - "name" : "oval:org.mitre.oval:def:10664", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664" - }, - { - "name" : "oval:org.mitre.oval:def:8651", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651" - }, - { - "name" : "ADV-2008-0048", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0048" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "28526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28526" - }, - { - "name" : "28749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28749" - }, - { - "name" : "28977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28977" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "29640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29640" - }, - { - "name" : "3523", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3523" - }, - { - "name" : "apache-modproxybalancer-xss(39474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28749" + }, + { + "name": "3523", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3523" + }, + { + "name": "FEDORA-2008-1695", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html" + }, + { + "name": "28526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28526" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "oval:org.mitre.oval:def:8651", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651" + }, + { + "name": "27236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27236" + }, + { + "name": "RHSA-2008:0008", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" + }, + { + "name": "FEDORA-2008-1711", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html" + }, + { + "name": "RHSA-2008:0009", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_22.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_22.html" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "apache-modproxybalancer-xss(39474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39474" + }, + { + "name": "ADV-2008-0048", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0048" + }, + { + "name": "SUSE-SA:2008:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html" + }, + { + "name": "20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486169/100/0/threaded" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "USN-575-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-575-1" + }, + { + "name": "29640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29640" + }, + { + "name": "oval:org.mitre.oval:def:10664", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664" + }, + { + "name": "28977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28977" + }, + { + "name": "MDVSA-2008:016", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6444.json b/2007/6xxx/CVE-2007-6444.json index 0a320245eb8..3096a63ccb4 100644 --- a/2007/6xxx/CVE-2007-6444.json +++ b/2007/6xxx/CVE-2007-6444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6444", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113, Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-6444", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113, Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0233.json b/2010/0xxx/CVE-2010-0233.json index 4fa26441b10..3a0d71a7566 100644 --- a/2010/0xxx/CVE-2010-0233.json +++ b/2010/0xxx/CVE-2010-0233.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka \"Windows Kernel Double Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-015", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8392", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka \"Windows Kernel Double Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015" + }, + { + "name": "oval:org.mitre.oval:def:8392", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8392" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0266.json b/2010/0xxx/CVE-2010-0266.json index 31d3059dd8c..fd475e623d6 100644 --- a/2010/0xxx/CVE-2010-0266.json +++ b/2010/0xxx/CVE-2010-0266.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045" - }, - { - "name" : "TA10-194A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-194A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11623", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11623", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623" + }, + { + "name": "TA10-194A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html" + }, + { + "name": "MS10-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0346.json b/2010/0xxx/CVE-2010-0346.json index b70add32b59..fea71e51346 100644 --- a/2010/0xxx/CVE-2010-0346.json +++ b/2010/0xxx/CVE-2010-0346.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0494.json b/2010/0xxx/CVE-2010-0494.json index d6ebbb04f77..ea4ea99b6a2 100644 --- a/2010/0xxx/CVE-2010-0494.json +++ b/2010/0xxx/CVE-2010-0494.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka \"HTML Element Cross-Domain Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" - }, - { - "name" : "TA10-068A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" - }, - { - "name" : "TA10-089A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" - }, - { - "name" : "39047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39047" - }, - { - "name" : "oval:org.mitre.oval:def:8553", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8553" - }, - { - "name" : "1023773", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023773" - }, - { - "name" : "ADV-2010-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka \"HTML Element Cross-Domain Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-089A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" + }, + { + "name": "39047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39047" + }, + { + "name": "TA10-068A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" + }, + { + "name": "MS10-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" + }, + { + "name": "oval:org.mitre.oval:def:8553", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8553" + }, + { + "name": "ADV-2010-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0744" + }, + { + "name": "1023773", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023773" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0609.json b/2010/0xxx/CVE-2010-0609.json index 9287195944d..7c3aeb16dd4 100644 --- a/2010/0xxx/CVE-2010-0609.json +++ b/2010/0xxx/CVE-2010-0609.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "62003", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62003" - }, - { - "name" : "38368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38368" + }, + { + "name": "62003", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62003" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0692.json b/2010/0xxx/CVE-2010-0692.json index a7400389406..809818b5e77 100644 --- a/2010/0xxx/CVE-2010-0692.json +++ b/2010/0xxx/CVE-2010-0692.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iptechinside.com/labs/news/show/6", - "refsource" : "CONFIRM", - "url" : "http://www.iptechinside.com/labs/news/show/6" - }, - { - "name" : "38203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38203" - }, - { - "name" : "62332", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62332" - }, - { - "name" : "38623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.iptechinside.com/labs/news/show/6", + "refsource": "CONFIRM", + "url": "http://www.iptechinside.com/labs/news/show/6" + }, + { + "name": "38203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38203" + }, + { + "name": "38623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38623" + }, + { + "name": "62332", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62332" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1119.json b/2010/1xxx/CVE-2010-1119.json index 0dfd79b1fe3..02cbc79984c 100644 --- a/2010/1xxx/CVE-2010-1119.json +++ b/2010/1xxx/CVE-2010-1119.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to \"attribute manipulation,\" as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010" - }, - { - "name" : "http://news.cnet.com/8301-27080_3-20001126-245.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-27080_3-20001126-245.html" - }, - { - "name" : "http://twitter.com/thezdi/statuses/11001080021", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/11001080021" - }, - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "oval:org.mitre.oval:def:7037", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7037" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "8128", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8128" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to \"attribute manipulation,\" as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "http://news.cnet.com/8301-27080_3-20001126-245.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-27080_3-20001126-245.html" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "oval:org.mitre.oval:def:7037", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7037" + }, + { + "name": "8128", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8128" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "http://twitter.com/thezdi/statuses/11001080021", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/11001080021" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1390.json b/2010/1xxx/CVE-2010-1390.json index 4f711efd151..949ea11c4ff 100644 --- a/2010/1xxx/CVE-2010-1390.json +++ b/2010/1xxx/CVE-2010-1390.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "oval:org.mitre.oval:def:6888", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6888" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "oval:org.mitre.oval:def:6888", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6888" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1527.json b/2010/1xxx/CVE-2010-1527.json index 523ad9e46ee..b8d31bf1184 100644 --- a/2010/1xxx/CVE-2010-1527.json +++ b/2010/1xxx/CVE-2010-1527.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-1527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-104/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-104/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7006679", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7006679" - }, - { - "name" : "42576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42576" - }, - { - "name" : "oval:org.mitre.oval:def:11973", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11973" - }, - { - "name" : "40805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40805" - }, - { - "name" : "novell-iprint-callbackurl-bo(61220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "novell-iprint-callbackurl-bo(61220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61220" + }, + { + "name": "42576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42576" + }, + { + "name": "http://secunia.com/secunia_research/2010-104/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-104/" + }, + { + "name": "oval:org.mitre.oval:def:11973", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11973" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7006679", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7006679" + }, + { + "name": "40805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40805" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1587.json b/2010/1xxx/CVE-2010-1587.json index dfae511d2e6..ff776bf439c 100644 --- a/2010/1xxx/CVE-2010-1587.json +++ b/2010/1xxx/CVE-2010-1587.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100422 Apache ActiveMQ is prone to source code disclosure vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510896/100/0/threaded" - }, - { - "name" : "20100422 Apache ActiveMQ is prone to source code disclosure vulnerability.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html" - }, - { - "name" : "https://issues.apache.org/activemq/browse/AMQ-2700", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/activemq/browse/AMQ-2700" - }, - { - "name" : "39636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39636" - }, - { - "name" : "64020", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64020" - }, - { - "name" : "39567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39567" - }, - { - "name" : "ADV-2010-0979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/activemq/browse/AMQ-2700", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/activemq/browse/AMQ-2700" + }, + { + "name": "20100422 Apache ActiveMQ is prone to source code disclosure vulnerability.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html" + }, + { + "name": "39567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39567" + }, + { + "name": "39636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39636" + }, + { + "name": "20100422 Apache ActiveMQ is prone to source code disclosure vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510896/100/0/threaded" + }, + { + "name": "ADV-2010-0979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0979" + }, + { + "name": "64020", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64020" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1633.json b/2010/1xxx/CVE-2010-1633.json index dfb3bb5db07..d726adf681e 100644 --- a/2010/1xxx/CVE-2010-1633.json +++ b/2010/1xxx/CVE-2010-1633.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.openssl.org/chngview?cn=19693", - "refsource" : "CONFIRM", - "url" : "http://cvs.openssl.org/chngview?cn=19693" - }, - { - "name" : "http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1", - "refsource" : "CONFIRM", - "url" : "http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1" - }, - { - "name" : "http://www.openssl.org/news/secadv_20100601.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20100601.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=598732", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598732" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" - }, - { - "name" : "40503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40503" - }, - { - "name" : "40024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40024" - }, - { - "name" : "57353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57353" - }, - { - "name" : "ADV-2010-1313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1313" + }, + { + "name": "40024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40024" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" + }, + { + "name": "http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1", + "refsource": "CONFIRM", + "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1" + }, + { + "name": "57353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57353" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=598732", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598732" + }, + { + "name": "40503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40503" + }, + { + "name": "http://cvs.openssl.org/chngview?cn=19693", + "refsource": "CONFIRM", + "url": "http://cvs.openssl.org/chngview?cn=19693" + }, + { + "name": "http://www.openssl.org/news/secadv_20100601.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20100601.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1741.json b/2010/1xxx/CVE-2010-1741.json index 9e82f38e2ff..6406f195860 100644 --- a/2010/1xxx/CVE-2010-1741.json +++ b/2010/1xxx/CVE-2010-1741.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/billwerx-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/billwerx-sql.txt" - }, - { - "name" : "39867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39867" - }, - { - "name" : "billwerx-requestaccount-sql-injection(58278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39867" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/billwerx-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/billwerx-sql.txt" + }, + { + "name": "billwerx-requestaccount-sql-injection(58278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58278" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4417.json b/2010/4xxx/CVE-2010-4417.json index 6fec0d3b945..e4a2cb6dd49 100644 --- a/2010/4xxx/CVE-2010-4417.json +++ b/2010/4xxx/CVE-2010-4417.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38859/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-020/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-020/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "45854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45854" - }, - { - "name" : "1024981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024981" - }, - { - "name" : "42978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42978" - }, - { - "name" : "ADV-2011-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0143" - }, - { - "name" : "oracle-beehive-index-code-execution(64772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0143" + }, + { + "name": "38859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38859/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-020/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-020/" + }, + { + "name": "oracle-beehive-index-code-execution(64772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64772" + }, + { + "name": "1024981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024981" + }, + { + "name": "42978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42978" + }, + { + "name": "45854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45854" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5000.json b/2010/5xxx/CVE-2010-5000.json index 19e21f5b802..f7eb92155ec 100644 --- a/2010/5xxx/CVE-2010-5000.json +++ b/2010/5xxx/CVE-2010-5000.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13766", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13766/" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/mcloginsystem-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/mcloginsystem-sql.txt" - }, - { - "name" : "40633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40633" - }, - { - "name" : "40122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40122" - }, - { - "name" : "8504", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1006-exploits/mcloginsystem-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/mcloginsystem-sql.txt" + }, + { + "name": "8504", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8504" + }, + { + "name": "40633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40633" + }, + { + "name": "13766", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13766/" + }, + { + "name": "40122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40122" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0757.json b/2014/0xxx/CVE-2014-0757.json index 766ce08a5fc..21d8b4ed0c6 100644 --- a/2014/0xxx/CVE-2014-0757.json +++ b/2014/0xxx/CVE-2014-0757.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01" - }, - { - "name" : "56713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01" + }, + { + "name": "56713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56713" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1593.json b/2014/1xxx/CVE-2014-1593.json index a960d4d4aa1..d77d3c015b0 100644 --- a/2014/1xxx/CVE-2014-1593.json +++ b/2014/1xxx/CVE-2014-1593.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-88.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-88.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1085175", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1085175" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3090", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3090" - }, - { - "name" : "DSA-3092", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3092" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2015:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "71395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1085175", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1085175" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "71395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71395" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-88.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-88.html" + }, + { + "name": "DSA-3090", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3090" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "DSA-3092", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3092" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1684.json b/2014/1xxx/CVE-2014-1684.json index f4f5ca08e1a..f87f828d50d 100644 --- a/2014/1xxx/CVE-2014-1684.json +++ b/2014/1xxx/CVE-2014-1684.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.elsherei.com/?p=269", - "refsource" : "MISC", - "url" : "http://www.elsherei.com/?p=269" - }, - { - "name" : "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404" - }, - { - "name" : "https://trac.videolan.org/vlc/ticket/10482", - "refsource" : "CONFIRM", - "url" : "https://trac.videolan.org/vlc/ticket/10482" - }, - { - "name" : "GLSA-201603-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404" + }, + { + "name": "https://trac.videolan.org/vlc/ticket/10482", + "refsource": "CONFIRM", + "url": "https://trac.videolan.org/vlc/ticket/10482" + }, + { + "name": "http://www.elsherei.com/?p=269", + "refsource": "MISC", + "url": "http://www.elsherei.com/?p=269" + }, + { + "name": "GLSA-201603-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-08" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1898.json b/2014/1xxx/CVE-2014-1898.json index 783fc94ffb9..aea48e36058 100644 --- a/2014/1xxx/CVE-2014-1898.json +++ b/2014/1xxx/CVE-2014-1898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4313.json b/2014/4xxx/CVE-2014-4313.json index 6c1fa5b8593..d297467d305 100644 --- a/2014/4xxx/CVE-2014-4313.json +++ b/2014/4xxx/CVE-2014-4313.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141005 CVE-2014-4313 Epicor Procurement SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/21" - }, - { - "name" : "http://packetstormsecurity.com/files/128564/Epicor-Procurement-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128564/Epicor-Procurement-SQL-Injection.html" - }, - { - "name" : "70227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70227" - }, - { - "name" : "epicorprocurement-cve20144313-sql-injection(96842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70227" + }, + { + "name": "epicorprocurement-cve20144313-sql-injection(96842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96842" + }, + { + "name": "20141005 CVE-2014-4313 Epicor Procurement SQL Injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/21" + }, + { + "name": "http://packetstormsecurity.com/files/128564/Epicor-Procurement-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128564/Epicor-Procurement-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4512.json b/2014/4xxx/CVE-2014-4512.json index 247b33e68fc..110a2aba90f 100644 --- a/2014/4xxx/CVE-2014-4512.json +++ b/2014/4xxx/CVE-2014-4512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4576.json b/2014/4xxx/CVE-2014-4576.json index 16b0c12d70a..97102fea842 100644 --- a/2014/4xxx/CVE-2014-4576.json +++ b/2014/4xxx/CVE-2014-4576.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wordpress-social-login-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wordpress-social-login-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wordpress-social-login-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wordpress-social-login-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5524.json b/2014/5xxx/CVE-2014-5524.json index 8cf8db719d3..e6a2182b81d 100644 --- a/2014/5xxx/CVE-2014-5524.json +++ b/2014/5xxx/CVE-2014-5524.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#199345", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/199345" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#199345", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/199345" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5851.json b/2014/5xxx/CVE-2014-5851.json index dd3191a7f4c..030016fce78 100644 --- a/2014/5xxx/CVE-2014-5851.json +++ b/2014/5xxx/CVE-2014-5851.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dark Summoner (aka com.darksummoner) application 1.03.39 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#131585", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/131585" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dark Summoner (aka com.darksummoner) application 1.03.39 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#131585", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/131585" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5929.json b/2014/5xxx/CVE-2014-5929.json index 10571ab3ce7..9e2fb5a6d89 100644 --- a/2014/5xxx/CVE-2014-5929.json +++ b/2014/5xxx/CVE-2014-5929.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#797305", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/797305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#797305", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/797305" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/62xxx/CVE-2014-62771.json b/2014/62xxx/CVE-2014-62771.json index 72492008eb7..e26f62c6a06 100644 --- a/2014/62xxx/CVE-2014-62771.json +++ b/2014/62xxx/CVE-2014-62771.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-62771", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271. Reason: This candidate is a duplicate of CVE-2014-6271. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-62771", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271. Reason: This candidate is a duplicate of CVE-2014-6271. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9807.json b/2014/9xxx/CVE-2014-9807.json index d112bdfab80..2d7a75cc06f 100644 --- a/2014/9xxx/CVE-2014-9807.json +++ b/2014/9xxx/CVE-2014-9807.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141224 Imagemagick fuzzing bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" - }, - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=be644895456764f2c2670f297d9d9860ff0bdd75", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=be644895456764f2c2670f297d9d9860ff0bdd75" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343463", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343463", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343463" + }, + { + "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=be644895456764f2c2670f297d9d9860ff0bdd75", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=be644895456764f2c2670f297d9d9860ff0bdd75" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "[oss-security] 20141224 Imagemagick fuzzing bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10464.json b/2016/10xxx/CVE-2016-10464.json index 8f8b13dd5a5..e37fa6214da 100644 --- a/2016/10xxx/CVE-2016-10464.json +++ b/2016/10xxx/CVE-2016-10464.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574AU, QCA9377, SD 210/SD 212/SD 205, SD 425, SD 600, SD 650/52, SD 808, SD 810, SD 820, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574AU, QCA9377, SD 210/SD 212/SD 205, SD 425, SD 600, SD 650/52, SD 808, SD 810, SD 820, and SDX20, lack of input validation for HCI H4 UART packet ID cause system denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reachable Assertion in BTSOC" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574AU, QCA9377, SD 210/SD 212/SD 205, SD 425, SD 600, SD 650/52, SD 808, SD 810, SD 820, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574AU, QCA9377, SD 210/SD 212/SD 205, SD 425, SD 600, SD 650/52, SD 808, SD 810, SD 820, and SDX20, lack of input validation for HCI H4 UART packet ID cause system denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reachable Assertion in BTSOC" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3069.json b/2016/3xxx/CVE-2016-3069.json index e09b6dd51fa..c0f01576ea5 100644 --- a/2016/3xxx/CVE-2016-3069.json +++ b/2016/3xxx/CVE-2016-3069.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://selenic.com/repo/hg-stable/rev/197eed39e3d5", - "refsource" : "CONFIRM", - "url" : "https://selenic.com/repo/hg-stable/rev/197eed39e3d5" - }, - { - "name" : "https://selenic.com/repo/hg-stable/rev/80cac1de6aea", - "refsource" : "CONFIRM", - "url" : "https://selenic.com/repo/hg-stable/rev/80cac1de6aea" - }, - { - "name" : "https://selenic.com/repo/hg-stable/rev/ae279d4a19e9", - "refsource" : "CONFIRM", - "url" : "https://selenic.com/repo/hg-stable/rev/ae279d4a19e9" - }, - { - "name" : "https://selenic.com/repo/hg-stable/rev/b732e7f2aba4", - "refsource" : "CONFIRM", - "url" : "https://selenic.com/repo/hg-stable/rev/b732e7f2aba4" - }, - { - "name" : "https://selenic.com/repo/hg-stable/rev/cdda7b96afff", - "refsource" : "CONFIRM", - "url" : "https://selenic.com/repo/hg-stable/rev/cdda7b96afff" - }, - { - "name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29", - "refsource" : "CONFIRM", - "url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3542", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3542" - }, - { - "name" : "FEDORA-2016-79604dde9f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html" - }, - { - "name" : "FEDORA-2016-b7f1f8e3bf", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html" - }, - { - "name" : "GLSA-201612-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-19" - }, - { - "name" : "RHSA-2016:0706", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0706.html" - }, - { - "name" : "SUSE-SU-2016:1010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:1011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:1073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-79604dde9f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html" + }, + { + "name": "GLSA-201612-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-19" + }, + { + "name": "DSA-3542", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3542" + }, + { + "name": "https://selenic.com/repo/hg-stable/rev/b732e7f2aba4", + "refsource": "CONFIRM", + "url": "https://selenic.com/repo/hg-stable/rev/b732e7f2aba4" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "https://selenic.com/repo/hg-stable/rev/197eed39e3d5", + "refsource": "CONFIRM", + "url": "https://selenic.com/repo/hg-stable/rev/197eed39e3d5" + }, + { + "name": "openSUSE-SU-2016:1016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html" + }, + { + "name": "https://selenic.com/repo/hg-stable/rev/cdda7b96afff", + "refsource": "CONFIRM", + "url": "https://selenic.com/repo/hg-stable/rev/cdda7b96afff" + }, + { + "name": "RHSA-2016:0706", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0706.html" + }, + { + "name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29", + "refsource": "CONFIRM", + "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://selenic.com/repo/hg-stable/rev/80cac1de6aea", + "refsource": "CONFIRM", + "url": "https://selenic.com/repo/hg-stable/rev/80cac1de6aea" + }, + { + "name": "SUSE-SU-2016:1011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html" + }, + { + "name": "SUSE-SU-2016:1010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html" + }, + { + "name": "FEDORA-2016-b7f1f8e3bf", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html" + }, + { + "name": "https://selenic.com/repo/hg-stable/rev/ae279d4a19e9", + "refsource": "CONFIRM", + "url": "https://selenic.com/repo/hg-stable/rev/ae279d4a19e9" + }, + { + "name": "openSUSE-SU-2016:1073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3165.json b/2016/3xxx/CVE-2016-3165.json index 54dcbb6eca5..075ee0c24b4 100644 --- a/2016/3xxx/CVE-2016-3165.json +++ b/2016/3xxx/CVE-2016-3165.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has \"#access\" set to FALSE in the server-side form definition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/24/19" - }, - { - "name" : "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/15/10" - }, - { - "name" : "https://www.drupal.org/SA-CORE-2016-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2016-001" - }, - { - "name" : "DSA-3498", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has \"#access\" set to FALSE in the server-side form definition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" + }, + { + "name": "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" + }, + { + "name": "DSA-3498", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3498" + }, + { + "name": "https://www.drupal.org/SA-CORE-2016-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2016-001" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3271.json b/2016/3xxx/CVE-2016-3271.json index 0d1756624bd..01050d7d3f8 100644 --- a/2016/3xxx/CVE-2016-3271.json +++ b/2016/3xxx/CVE-2016-3271.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-085", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" - }, - { - "name" : "91586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91586" - }, - { - "name" : "1036286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036286" + }, + { + "name": "91586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91586" + }, + { + "name": "MS16-085", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3273.json b/2016/3xxx/CVE-2016-3273.json index 6d1d7640420..005e8ad6b8a 100644 --- a/2016/3xxx/CVE-2016-3273.json +++ b/2016/3xxx/CVE-2016-3273.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-084", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" - }, - { - "name" : "MS16-085", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" - }, - { - "name" : "91576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91576" - }, - { - "name" : "1036283", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036283", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036283" + }, + { + "name": "91576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91576" + }, + { + "name": "MS16-084", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084" + }, + { + "name": "MS16-085", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3529.json b/2016/3xxx/CVE-2016-3529.json index 58cb697f98f..8527c200f5e 100644 --- a/2016/3xxx/CVE-2016-3529.json +++ b/2016/3xxx/CVE-2016-3529.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3560." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "92002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92002" - }, - { - "name" : "1036402", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3560." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036402", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036402" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "92002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92002" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3812.json b/2016/3xxx/CVE-2016-3812.json index c02707ac6e2..860aec45dc8 100644 --- a/2016/3xxx/CVE-2016-3812.json +++ b/2016/3xxx/CVE-2016-3812.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3844.json b/2016/3xxx/CVE-2016-3844.json index f22298d632f..b49b163e0cf 100644 --- a/2016/3xxx/CVE-2016-3844.json +++ b/2016/3xxx/CVE-2016-3844.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "92241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92241" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7288.json b/2016/7xxx/CVE-2016-7288.json index 1cac5c292b2..8d9ee8ec37e 100644 --- a/2016/7xxx/CVE-2016-7288.json +++ b/2016/7xxx/CVE-2016-7288.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41357", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41357/" - }, - { - "name" : "http://packetstormsecurity.com/files/140994/Microsoft-Edge-TypedArray.sort-Use-After-Free.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140994/Microsoft-Edge-TypedArray.sort-Use-After-Free.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=983", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=983" - }, - { - "name" : "MS16-145", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145" - }, - { - "name" : "94749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94749" - }, - { - "name" : "1037444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41357", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41357/" + }, + { + "name": "http://packetstormsecurity.com/files/140994/Microsoft-Edge-TypedArray.sort-Use-After-Free.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140994/Microsoft-Edge-TypedArray.sort-Use-After-Free.html" + }, + { + "name": "94749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94749" + }, + { + "name": "1037444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037444" + }, + { + "name": "MS16-145", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=983", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=983" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7471.json b/2016/7xxx/CVE-2016-7471.json index 93a01632a86..66c86bca06a 100644 --- a/2016/7xxx/CVE-2016-7471.json +++ b/2016/7xxx/CVE-2016-7471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7471", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7471", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7483.json b/2016/7xxx/CVE-2016-7483.json index 2bfae20f67f..5dfcadbbe12 100644 --- a/2016/7xxx/CVE-2016-7483.json +++ b/2016/7xxx/CVE-2016-7483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7483", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7483", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8102.json b/2016/8xxx/CVE-2016-8102.json index 341a2e9f35b..6d446ce3d7d 100644 --- a/2016/8xxx/CVE-2016-8102.json +++ b/2016/8xxx/CVE-2016-8102.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Wireless Bluetooth Drivers", - "version" : { - "version_data" : [ - { - "version_value" : "16.x, 17.x, and before 18.1.1607.3129" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevated Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Wireless Bluetooth Drivers", + "version": { + "version_data": [ + { + "version_value": "16.x, 17.x, and before 18.1.1607.3129" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00059&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00059&languageid=en-fr" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-11158", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-11158" - }, - { - "name" : "95010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevated Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00059&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00059&languageid=en-fr" + }, + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-11158", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-11158" + }, + { + "name": "95010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95010" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8301.json b/2016/8xxx/CVE-2016-8301.json index 086b18518d3..c5e7e36cfae 100644 --- a/2016/8xxx/CVE-2016-8301.json +++ b/2016/8xxx/CVE-2016-8301.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0" - }, - { - "version_value" : "11.4.0" - }, - { - "version_value" : "12.0.1" - }, - { - "version_value" : "12.0.2" - }, - { - "version_value" : "12.0.3" - }, - { - "version_value" : "12.1.0" - }, - { - "version_value" : "12.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "11.3.0" + }, + { + "version_value": "11.4.0" + }, + { + "version_value": "12.0.1" + }, + { + "version_value": "12.0.2" + }, + { + "version_value": "12.0.3" + }, + { + "version_value": "12.1.0" + }, + { + "version_value": "12.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95553" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95553" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8670.json b/2016/8xxx/CVE-2016-8670.json index 5df5bf46728..82af2902dfb 100644 --- a/2016/8xxx/CVE-2016-8670.json +++ b/2016/8xxx/CVE-2016-8670.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-8670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161015 CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/15/1" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73280", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=73280" - }, - { - "name" : "https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9" - }, - { - "name" : "DSA-3693", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3693" - }, - { - "name" : "93594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "93594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93594" + }, + { + "name": "https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9", + "refsource": "CONFIRM", + "url": "https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9" + }, + { + "name": "[oss-security] 20161015 CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/15/1" + }, + { + "name": "DSA-3693", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3693" + }, + { + "name": "https://bugs.php.net/bug.php?id=73280", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=73280" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9263.json b/2016/9xxx/CVE-2016-9263.json index e21a19c6fc5..cd859197417 100644 --- a/2016/9xxx/CVE-2016-9263.json +++ b/2016/9xxx/CVE-2016-9263.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/", - "refsource" : "MISC", - "url" : "https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/" - }, - { - "name" : "101294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101294" + }, + { + "name": "https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/", + "refsource": "MISC", + "url": "https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9942.json b/2016/9xxx/CVE-2016-9942.json index e183dbe9cab..278ae752f82 100644 --- a/2016/9xxx/CVE-2016-9942.json +++ b/2016/9xxx/CVE-2016-9942.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibVNC/libvncserver/pull/137", - "refsource" : "CONFIRM", - "url" : "https://github.com/LibVNC/libvncserver/pull/137" - }, - { - "name" : "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11", - "refsource" : "CONFIRM", - "url" : "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11" - }, - { - "name" : "DSA-3753", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3753" - }, - { - "name" : "GLSA-201702-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-24" - }, - { - "name" : "95170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95170" + }, + { + "name": "https://github.com/LibVNC/libvncserver/pull/137", + "refsource": "CONFIRM", + "url": "https://github.com/LibVNC/libvncserver/pull/137" + }, + { + "name": "DSA-3753", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3753" + }, + { + "name": "GLSA-201702-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-24" + }, + { + "name": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11", + "refsource": "CONFIRM", + "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2365.json b/2019/2xxx/CVE-2019-2365.json index 9f81a1671f0..f498664ea0e 100644 --- a/2019/2xxx/CVE-2019-2365.json +++ b/2019/2xxx/CVE-2019-2365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2775.json b/2019/2xxx/CVE-2019-2775.json index d1812aa7d68..4a998ce384f 100644 --- a/2019/2xxx/CVE-2019-2775.json +++ b/2019/2xxx/CVE-2019-2775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2775", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2775", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2809.json b/2019/2xxx/CVE-2019-2809.json index dd7e12b8e3e..70de3d739e5 100644 --- a/2019/2xxx/CVE-2019-2809.json +++ b/2019/2xxx/CVE-2019-2809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index 784a4ca2a84..da83b51b353 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2904", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2904", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2966.json b/2019/2xxx/CVE-2019-2966.json index 471ae89dc64..9336276c03c 100644 --- a/2019/2xxx/CVE-2019-2966.json +++ b/2019/2xxx/CVE-2019-2966.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2966", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2966", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6545.json b/2019/6xxx/CVE-2019-6545.json index a8e4bb7b195..1be32435acd 100644 --- a/2019/6xxx/CVE-2019-6545.json +++ b/2019/6xxx/CVE-2019-6545.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-02-05T00:00:00", - "ID" : "CVE-2019-6545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update", - "version" : { - "version_data" : [ - { - "version_value" : "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER CONTROL OF RESOURCE IDENTIFIERS ('RESOURCE INJECTION') CWE-99" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-02-05T00:00:00", + "ID": "CVE-2019-6545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update", + "version": { + "version_data": [ + { + "version_value": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46342", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46342/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2019-04", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2019-04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER CONTROL OF RESOURCE IDENTIFIERS ('RESOURCE INJECTION') CWE-99" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01" + }, + { + "name": "46342", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46342/" + }, + { + "name": "https://www.tenable.com/security/research/tra-2019-04", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2019-04" + } + ] + } +} \ No newline at end of file