diff --git a/2006/1xxx/CVE-2006-1114.json b/2006/1xxx/CVE-2006-1114.json index f88c350e607..603a89ad7a4 100644 --- a/2006/1xxx/CVE-2006-1114.json +++ b/2006/1xxx/CVE-2006-1114.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060307 Loudblog 0.41 SQL Injection, Local file read/include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426973/100/0/threaded" - }, - { - "name" : "http://loudblog.de/forum/viewtopic.php?id=590", - "refsource" : "CONFIRM", - "url" : "http://loudblog.de/forum/viewtopic.php?id=590" - }, - { - "name" : "17023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17023" - }, - { - "name" : "ADV-2006-0878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0878" - }, - { - "name" : "19172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19172" - }, - { - "name" : "loudblog-index-directory-traversal(25103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://loudblog.de/forum/viewtopic.php?id=590", + "refsource": "CONFIRM", + "url": "http://loudblog.de/forum/viewtopic.php?id=590" + }, + { + "name": "17023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17023" + }, + { + "name": "20060307 Loudblog 0.41 SQL Injection, Local file read/include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426973/100/0/threaded" + }, + { + "name": "loudblog-index-directory-traversal(25103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25103" + }, + { + "name": "19172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19172" + }, + { + "name": "ADV-2006-0878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0878" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1683.json b/2006/1xxx/CVE-2006-1683.json index daf394ab789..e1efdf439fa 100644 --- a/2006/1xxx/CVE-2006-1683.json +++ b/2006/1xxx/CVE-2006-1683.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060407 SQL Injection in Chipmunk Guestbook", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430315/100/0/threaded" - }, - { - "name" : "17483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17483" - }, - { - "name" : "ADV-2006-1323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1323" - }, - { - "name" : "19584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19584" - }, - { - "name" : "chipmunk-guestbook-login-sql-injection(25695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19584" + }, + { + "name": "17483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17483" + }, + { + "name": "chipmunk-guestbook-login-sql-injection(25695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25695" + }, + { + "name": "ADV-2006-1323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1323" + }, + { + "name": "20060407 SQL Injection in Chipmunk Guestbook", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430315/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1706.json b/2006/1xxx/CVE-2006-1706.json index 5ac0e7bb589..b1ccc02eb56 100644 --- a/2006/1xxx/CVE-2006-1706.json +++ b/2006/1xxx/CVE-2006-1706.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html" - }, - { - "name" : "17441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17441" - }, - { - "name" : "ADV-2006-1291", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1291" - }, - { - "name" : "24470", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24470" - }, - { - "name" : "24471", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24471" - }, - { - "name" : "24472", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24472" - }, - { - "name" : "24473", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24473" - }, - { - "name" : "19593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19593" - }, - { - "name" : "shopweezle-multiple-path-disclosure(25724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25724" - }, - { - "name" : "shopweezle-multiple-sql-injection(25723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24473", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24473" + }, + { + "name": "19593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19593" + }, + { + "name": "24472", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24472" + }, + { + "name": "17441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17441" + }, + { + "name": "24471", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24471" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html" + }, + { + "name": "shopweezle-multiple-sql-injection(25723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25723" + }, + { + "name": "24470", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24470" + }, + { + "name": "ADV-2006-1291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1291" + }, + { + "name": "shopweezle-multiple-path-disclosure(25724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25724" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1723.json b/2006/1xxx/CVE-2006-1723.json index ac39a1dc561..6370d70a0f9 100644 --- a/2006/1xxx/CVE-2006-1723.json +++ b/2006/1xxx/CVE-2006-1723.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "VU#350262", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/350262" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "oval:org.mitre.oval:def:1574", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1574" - }, - { - "name" : "1015919", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015919" - }, - { - "name" : "1015921", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015921" - }, - { - "name" : "1015920", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015920" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19649" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-20.html" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "oval:org.mitre.oval:def:1574", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1574" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "VU#350262", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/350262" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "1015921", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015921" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "19649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19649" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "1015919", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015919" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "1015920", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015920" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5134.json b/2006/5xxx/CVE-2006-5134.json index 35f2755db06..1ece1cb8bdf 100644 --- a/2006/5xxx/CVE-2006-5134.json +++ b/2006/5xxx/CVE-2006-5134.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the \"new monitor description\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060929 Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447397/100/0/threaded" - }, - { - "name" : "20275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20275" - }, - { - "name" : "1670", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1670" - }, - { - "name" : "mercurysitescope-newmonitor-dos(29298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the \"new monitor description\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1670", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1670" + }, + { + "name": "20060929 Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447397/100/0/threaded" + }, + { + "name": "mercurysitescope-newmonitor-dos(29298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29298" + }, + { + "name": "20275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20275" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5145.json b/2006/5xxx/CVE-2006-5145.json index 0d983c0b8db..3c008869d2b 100644 --- a/2006/5xxx/CVE-2006-5145.json +++ b/2006/5xxx/CVE-2006-5145.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447424/100/0/threaded" - }, - { - "name" : "20278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20278" - }, - { - "name" : "22241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22241" - }, - { - "name" : "1680", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1680" - }, - { - "name" : "olate-download-detailes-search-sql-injection(29294)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1680", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1680" + }, + { + "name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded" + }, + { + "name": "olate-download-detailes-search-sql-injection(29294)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294" + }, + { + "name": "20278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20278" + }, + { + "name": "22241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22241" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5465.json b/2006/5xxx/CVE-2006-5465.json index da509680ec7..f6edc712640 100644 --- a/2006/5xxx/CVE-2006-5465.json +++ b/2006/5xxx/CVE-2006-5465.json @@ -1,297 +1,297 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-5465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450431/100/0/threaded" - }, - { - "name" : "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451098/100/0/threaded" - }, - { - "name" : "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453024/100/0/threaded" - }, - { - "name" : "http://www.hardened-php.net/advisory_132006.138.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_132006.138.html" - }, - { - "name" : "http://www.php.net/releases/5_2_0.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_0.php" - }, - { - "name" : "http://issues.rpath.com/browse/RPL-761", - "refsource" : "CONFIRM", - "url" : "http://issues.rpath.com/browse/RPL-761" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml" - }, - { - "name" : "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html" - }, - { - "name" : "DSA-1206", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1206" - }, - { - "name" : "GLSA-200703-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200703-21.xml" - }, - { - "name" : "MDKSA-2006:196", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196" - }, - { - "name" : "OpenPKG-SA-2006.028", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html" - }, - { - "name" : "RHSA-2006:0730", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0730.html" - }, - { - "name" : "RHSA-2006:0736", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0736.html" - }, - { - "name" : "RHSA-2006:0731", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0731.html" - }, - { - "name" : "20061101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" - }, - { - "name" : "SUSE-SA:2006:067", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_67_php.html" - }, - { - "name" : "2006-0061", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0061/" - }, - { - "name" : "TLSA-2006-38", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" - }, - { - "name" : "USN-375-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-375-1" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "20879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20879" - }, - { - "name" : "oval:org.mitre.oval:def:10240", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240" - }, - { - "name" : "ADV-2006-4317", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4317" - }, - { - "name" : "ADV-2006-4749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4749" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "ADV-2007-1546", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1546" - }, - { - "name" : "1017152", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017152" - }, - { - "name" : "1017296", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017296" - }, - { - "name" : "22653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22653" - }, - { - "name" : "22688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22688" - }, - { - "name" : "22693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22693" - }, - { - "name" : "22753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22753" - }, - { - "name" : "22713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22713" - }, - { - "name" : "22759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22759" - }, - { - "name" : "22929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22929" - }, - { - "name" : "23139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23139" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - }, - { - "name" : "23247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23247" - }, - { - "name" : "22685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22685" - }, - { - "name" : "22779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22779" - }, - { - "name" : "22881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22881" - }, - { - "name" : "24606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24606" - }, - { - "name" : "25047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25047" - }, - { - "name" : "php-htmlentities-bo(29971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22881" + }, + { + "name": "1017152", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017152" + }, + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "ADV-2006-4749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4749" + }, + { + "name": "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded" + }, + { + "name": "RHSA-2006:0731", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html" + }, + { + "name": "22759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22759" + }, + { + "name": "24606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24606" + }, + { + "name": "ADV-2007-1546", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1546" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "TLSA-2006-38", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" + }, + { + "name": "DSA-1206", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1206" + }, + { + "name": "22693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22693" + }, + { + "name": "23247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23247" + }, + { + "name": "22653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22653" + }, + { + "name": "22688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22688" + }, + { + "name": "2006-0061", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0061/" + }, + { + "name": "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded" + }, + { + "name": "GLSA-200703-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml" + }, + { + "name": "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded" + }, + { + "name": "22713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22713" + }, + { + "name": "22685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22685" + }, + { + "name": "ADV-2006-4317", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4317" + }, + { + "name": "http://www.hardened-php.net/advisory_132006.138.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_132006.138.html" + }, + { + "name": "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html" + }, + { + "name": "http://issues.rpath.com/browse/RPL-761", + "refsource": "CONFIRM", + "url": "http://issues.rpath.com/browse/RPL-761" + }, + { + "name": "20061101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" + }, + { + "name": "SUSE-SA:2006:067", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_67_php.html" + }, + { + "name": "php-htmlentities-bo(29971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "MDKSA-2006:196", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196" + }, + { + "name": "25047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25047" + }, + { + "name": "1017296", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017296" + }, + { + "name": "22779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22779" + }, + { + "name": "RHSA-2006:0730", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html" + }, + { + "name": "20879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20879" + }, + { + "name": "USN-375-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-375-1" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "OpenPKG-SA-2006.028", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html" + }, + { + "name": "22929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22929" + }, + { + "name": "22753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22753" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm" + }, + { + "name": "oval:org.mitre.oval:def:10240", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240" + }, + { + "name": "23139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23139" + }, + { + "name": "RHSA-2006:0736", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html" + }, + { + "name": "http://www.php.net/releases/5_2_0.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_0.php" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2256.json b/2007/2xxx/CVE-2007-2256.json index 32ad214035d..d88efe3e641 100644 --- a/2007/2xxx/CVE-2007-2256.json +++ b/2007/2xxx/CVE-2007-2256.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070423 TJSChat Version 0.95 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466649/100/0/threaded" - }, - { - "name" : "23593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23593" - }, - { - "name" : "ADV-2007-1517", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1517" - }, - { - "name" : "24998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24998" - }, - { - "name" : "2620", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2620" - }, - { - "name" : "tjschat-you-xss(33845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070423 TJSChat Version 0.95 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466649/100/0/threaded" + }, + { + "name": "tjschat-you-xss(33845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33845" + }, + { + "name": "2620", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2620" + }, + { + "name": "ADV-2007-1517", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1517" + }, + { + "name": "24998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24998" + }, + { + "name": "23593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23593" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2277.json b/2007/2xxx/CVE-2007-2277.json index e12874d9981..be0bddc5232 100644 --- a/2007/2xxx/CVE-2007-2277.json +++ b/2007/2xxx/CVE-2007-2277.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070424 [MajorSecurity Advisory #46]Plogger - Session fixation Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466772/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls46", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls46" - }, - { - "name" : "2614", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2614" - }, - { - "name" : "plogger-phpsessid-weak-security(33863)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plogger-phpsessid-weak-security(33863)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33863" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls46", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls46" + }, + { + "name": "20070424 [MajorSecurity Advisory #46]Plogger - Session fixation Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466772/100/0/threaded" + }, + { + "name": "2614", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2614" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2280.json b/2007/2xxx/CVE-2007-2280.json index 02c444b29b6..cb404a41178 100644 --- a/2007/2xxx/CVE-2007-2280.json +++ b/2007/2xxx/CVE-2007-2280.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-099/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-099/" - }, - { - "name" : "HPSBMA02252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" - }, - { - "name" : "SSRT061258", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" - }, - { - "name" : "SSRT061259", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" - }, - { - "name" : "37396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37396" - }, - { - "name" : "1023361", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023361" - }, - { - "name" : "ADV-2009-3594", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-099/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-099/" + }, + { + "name": "37396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37396" + }, + { + "name": "HPSBMA02252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2" + }, + { + "name": "SSRT061258", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2" + }, + { + "name": "1023361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023361" + }, + { + "name": "ADV-2009-3594", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3594" + }, + { + "name": "SSRT061259", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6149.json b/2007/6xxx/CVE-2007-6149.json index e3dc04ae5db..3b88019fa77 100644 --- a/2007/6xxx/CVE-2007-6149.json +++ b/2007/6xxx/CVE-2007-6149.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-03.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-04.html" - }, - { - "name" : "27762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27762" - }, - { - "name" : "ADV-2008-0538", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0538/references" - }, - { - "name" : "ADV-2008-0539", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0539" - }, - { - "name" : "1019399", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019399" - }, - { - "name" : "28946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28946" - }, - { - "name" : "28947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28947" - }, - { - "name" : "adobe-connect-edge-bo(40471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019399", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019399" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-04.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-04.html" + }, + { + "name": "20080212 Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662" + }, + { + "name": "ADV-2008-0539", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0539" + }, + { + "name": "28947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28947" + }, + { + "name": "27762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27762" + }, + { + "name": "ADV-2008-0538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0538/references" + }, + { + "name": "adobe-connect-edge-bo(40471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40471" + }, + { + "name": "28946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28946" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6287.json b/2007/6xxx/CVE-2007-6287.json index 858d45290c1..e21a81e5348 100644 --- a/2007/6xxx/CVE-2007-6287.json +++ b/2007/6xxx/CVE-2007-6287.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26751" - }, - { - "name" : "27893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27893" - }, - { - "name" : "hypervm-login-xss(38926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26751" + }, + { + "name": "27893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27893" + }, + { + "name": "hypervm-login-xss(38926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38926" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6509.json b/2007/6xxx/CVE-2007-6509.json index 28189cce1ad..8cdb8c6eb3f 100644 --- a/2007/6xxx/CVE-2007-6509.json +++ b/2007/6xxx/CVE-2007-6509.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071218 Appian Enterprise Business Suite 5.6 SP1 is", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119794961212714&w=2" - }, - { - "name" : "26913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26913" - }, - { - "name" : "39500", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/39500" - }, - { - "name" : "28121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28121" - }, - { - "name" : "bpms-packet-dos(39145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26913" + }, + { + "name": "20071218 Appian Enterprise Business Suite 5.6 SP1 is", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119794961212714&w=2" + }, + { + "name": "28121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28121" + }, + { + "name": "39500", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/39500" + }, + { + "name": "bpms-packet-dos(39145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39145" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0267.json b/2010/0xxx/CVE-2010-0267.json index 9357f557f60..07991a9ac98 100644 --- a/2010/0xxx/CVE-2010-0267.json +++ b/2010/0xxx/CVE-2010-0267.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" - }, - { - "name" : "TA10-068A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" - }, - { - "name" : "TA10-089A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" - }, - { - "name" : "39023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39023" - }, - { - "name" : "oval:org.mitre.oval:def:8554", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8554" - }, - { - "name" : "1023773", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023773" - }, - { - "name" : "ADV-2010-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-089A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-089A.html" + }, + { + "name": "oval:org.mitre.oval:def:8554", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8554" + }, + { + "name": "TA10-068A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html" + }, + { + "name": "MS10-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018" + }, + { + "name": "ADV-2010-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0744" + }, + { + "name": "1023773", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023773" + }, + { + "name": "39023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39023" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0290.json b/2010/0xxx/CVE-2010-0290.json index a764efc9c8d..0485bc95520 100644 --- a/2010/0xxx/CVE-2010-0290.json +++ b/2010/0xxx/CVE-2010-0290.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100119 BIND CVE-2009-4022 fix incomplete", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126393609503704&w=2" - }, - { - "name" : "[oss-security] 20100120 Re: BIND CVE-2009-4022 fix incomplete", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=126399602810086&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=554851", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554851" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=557121", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=557121" - }, - { - "name" : "https://www.isc.org/advisories/CVE-2009-4022v6", - "refsource" : "CONFIRM", - "url" : "https://www.isc.org/advisories/CVE-2009-4022v6" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018" - }, - { - "name" : "DSA-2054", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2054" - }, - { - "name" : "MDVSA-2010:021", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:021" - }, - { - "name" : "RHSA-2010:0062", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0062.html" - }, - { - "name" : "SUSE-SA:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" - }, - { - "name" : "USN-888-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-888-1" - }, - { - "name" : "oval:org.mitre.oval:def:7512", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512" - }, - { - "name" : "oval:org.mitre.oval:def:8884", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884" - }, - { - "name" : "oval:org.mitre.oval:def:6815", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815" - }, - { - "name" : "38219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38219" - }, - { - "name" : "38240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38240" - }, - { - "name" : "40086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40086" - }, - { - "name" : "ADV-2010-0176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0176" - }, - { - "name" : "ADV-2010-0622", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0622" - }, - { - "name" : "ADV-2010-1352", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=557121", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=557121" + }, + { + "name": "ADV-2010-0176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0176" + }, + { + "name": "RHSA-2010:0062", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0062.html" + }, + { + "name": "[oss-security] 20100119 BIND CVE-2009-4022 fix incomplete", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126393609503704&w=2" + }, + { + "name": "https://www.isc.org/advisories/CVE-2009-4022v6", + "refsource": "CONFIRM", + "url": "https://www.isc.org/advisories/CVE-2009-4022v6" + }, + { + "name": "38240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38240" + }, + { + "name": "oval:org.mitre.oval:def:6815", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815" + }, + { + "name": "ADV-2010-1352", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1352" + }, + { + "name": "USN-888-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-888-1" + }, + { + "name": "40086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40086" + }, + { + "name": "ADV-2010-0622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0622" + }, + { + "name": "38219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38219" + }, + { + "name": "MDVSA-2010:021", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:021" + }, + { + "name": "oval:org.mitre.oval:def:8884", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554851", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554851" + }, + { + "name": "[oss-security] 20100120 Re: BIND CVE-2009-4022 fix incomplete", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=126399602810086&w=2" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018" + }, + { + "name": "DSA-2054", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2054" + }, + { + "name": "SUSE-SA:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" + }, + { + "name": "oval:org.mitre.oval:def:7512", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0449.json b/2010/0xxx/CVE-2010-0449.json index 865ea93a847..1bce6dbef39 100644 --- a/2010/0xxx/CVE-2010-0449.json +++ b/2010/0xxx/CVE-2010-0449.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-0449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02490", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996774125378&w=2" - }, - { - "name" : "SSRT090222", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996774125378&w=2" - }, - { - "name" : "39060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39060" - }, - { - "name" : "1023765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023765" - }, - { - "name" : "39187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02490", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996774125378&w=2" + }, + { + "name": "1023765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023765" + }, + { + "name": "SSRT090222", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996774125378&w=2" + }, + { + "name": "39187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39187" + }, + { + "name": "39060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39060" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0887.json b/2010/0xxx/CVE-2010-0887.json index 78373efe5bf..4db3838d484 100644 --- a/2010/0xxx/CVE-2010-0887.json +++ b/2010/0xxx/CVE-2010-0887.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html" - }, - { - "name" : "http://support.apple.com/kb/HT4170", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4170" - }, - { - "name" : "http://support.apple.com/kb/HT4171", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4171" - }, - { - "name" : "APPLE-SA-2010-05-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-05-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "39819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39819" - }, - { - "name" : "ADV-2010-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-05-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39819" + }, + { + "name": "APPLE-SA-2010-05-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4170", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4170" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html" + }, + { + "name": "http://support.apple.com/kb/HT4171", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4171" + }, + { + "name": "ADV-2010-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1191" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1243.json b/2010/1xxx/CVE-2010-1243.json index 67e42ec7674..eef1b58fcc4 100644 --- a/2010/1xxx/CVE-2010-1243.json +++ b/2010/1xxx/CVE-2010-1243.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24025662", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24025662" - }, - { - "name" : "IO11279", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IO11279" - }, - { - "name" : "39186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39186" - }, - { - "name" : "ADV-2010-0733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0733" - }, - { - "name" : "ADV-2011-0834", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0834", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0834" + }, + { + "name": "39186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39186" + }, + { + "name": "ADV-2010-0733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0733" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24025662", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025662" + }, + { + "name": "IO11279", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IO11279" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1363.json b/2010/1xxx/CVE-2010-1363.json index 45b032496a4..d3606589ace 100644 --- a/2010/1xxx/CVE-2010-1363.json +++ b/2010/1xxx/CVE-2010-1363.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/joomlajprojects-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/joomlajprojects-sql.txt" - }, - { - "name" : "10988", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10988" - }, - { - "name" : "37608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37608" - }, - { - "name" : "ADV-2010-0049", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0049" - }, - { - "name" : "jprojects-index-sql-injection(55361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10988", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10988" + }, + { + "name": "jprojects-index-sql-injection(55361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55361" + }, + { + "name": "37608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37608" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/joomlajprojects-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/joomlajprojects-sql.txt" + }, + { + "name": "ADV-2010-0049", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0049" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1391.json b/2010/1xxx/CVE-2010-1391.json index 2402957572a..4d1453e1fd1 100644 --- a/2010/1xxx/CVE-2010-1391.json +++ b/2010/1xxx/CVE-2010-1391.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "40753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40753" - }, - { - "name" : "oval:org.mitre.oval:def:7082", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7082" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "40753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40753" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:7082", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7082" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1502.json b/2010/1xxx/CVE-2010-1502.json index 69fb3403574..6cbaed745bf 100644 --- a/2010/1xxx/CVE-2010-1502.json +++ b/2010/1xxx/CVE-2010-1502.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to \"developer tools.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.chromium.org/40136", - "refsource" : "CONFIRM", - "url" : "http://bugs.chromium.org/40136" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html" - }, - { - "name" : "39603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39603" - }, - { - "name" : "oval:org.mitre.oval:def:12041", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12041" - }, - { - "name" : "39544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to \"developer tools.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12041", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12041" + }, + { + "name": "39603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39603" + }, + { + "name": "39544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39544" + }, + { + "name": "http://bugs.chromium.org/40136", + "refsource": "CONFIRM", + "url": "http://bugs.chromium.org/40136" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1529.json b/2010/1xxx/CVE-2010-1529.json index c23add66eda..adec6167b73 100644 --- a/2010/1xxx/CVE-2010-1529.json +++ b/2010/1xxx/CVE-2010-1529.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlafreestyle-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlafreestyle-sql.txt" - }, - { - "name" : "12078", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12078" - }, - { - "name" : "39220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39220" - }, - { - "name" : "39288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39288" - }, - { - "name" : "freestylefaqlite-faqid-sql-injection(57588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freestylefaqlite-faqid-sql-injection(57588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57588" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlafreestyle-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlafreestyle-sql.txt" + }, + { + "name": "39220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39220" + }, + { + "name": "12078", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12078" + }, + { + "name": "39288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39288" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4056.json b/2010/4xxx/CVE-2010-4056.json index fd987983305..cc109b45943 100644 --- a/2010/4xxx/CVE-2010-4056.json +++ b/2010/4xxx/CVE-2010-4056.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15261", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15261" - }, - { - "name" : "http://aluigi.altervista.org/adv/soliddb_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/soliddb_1-adv.txt" - }, - { - "name" : "1024597", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024597" - }, - { - "name" : "41873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41873" - }, - { - "name" : "ADV-2010-2715", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2715" - }, - { - "name" : "ibm-solid-database-server-dos(62590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-solid-database-server-dos(62590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62590" + }, + { + "name": "15261", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15261" + }, + { + "name": "ADV-2010-2715", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2715" + }, + { + "name": "41873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41873" + }, + { + "name": "1024597", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024597" + }, + { + "name": "http://aluigi.altervista.org/adv/soliddb_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/soliddb_1-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4905.json b/2010/4xxx/CVE-2010-4905.json index 4143b8ded32..194a5aa7b09 100644 --- a/2010/4xxx/CVE-2010-4905.json +++ b/2010/4xxx/CVE-2010-4905.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14910", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14910" - }, - { - "name" : "67826", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67826" - }, - { - "name" : "41301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14910", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14910" + }, + { + "name": "67826", + "refsource": "OSVDB", + "url": "http://osvdb.org/67826" + }, + { + "name": "41301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41301" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0109.json b/2014/0xxx/CVE-2014-0109.json index d52bcd16d5b..98b83ceb491 100644 --- a/2014/0xxx/CVE-2014-0109.json +++ b/2014/0xxx/CVE-2014-0109.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2", - "refsource" : "CONFIRM", - "url" : "https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2" - }, - { - "name" : "RHSA-2014:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1351.html" - }, - { - "name" : "RHSA-2015:0850", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html" - }, - { - "name" : "RHSA-2015:0851", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html" - }, - { - "name" : "1030201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0850", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html" + }, + { + "name": "RHSA-2015:0851", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html" + }, + { + "name": "https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2", + "refsource": "CONFIRM", + "url": "https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2" + }, + { + "name": "1030201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030201" + }, + { + "name": "RHSA-2014:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0347.json b/2014/0xxx/CVE-2014-0347.json index bda59920228..a9d072c4a05 100644 --- a/2014/0xxx/CVE-2014-0347.json +++ b/2014/0xxx/CVE-2014-0347.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0", - "refsource" : "CONFIRM", - "url" : "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0" - }, - { - "name" : "VU#568252", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/568252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#568252", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/568252" + }, + { + "name": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0", + "refsource": "CONFIRM", + "url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0531.json b/2014/0xxx/CVE-2014-0531.json index ef49e0f68a6..eaa1bf889c5 100644 --- a/2014/0xxx/CVE-2014-0531.json +++ b/2014/0xxx/CVE-2014-0531.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html" - }, - { - "name" : "GLSA-201406-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-17.xml" - }, - { - "name" : "RHSA-2014:0745", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0745.html" - }, - { - "name" : "SUSE-SU-2014:0806", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html" - }, - { - "name" : "openSUSE-SU-2014:0798", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html" - }, - { - "name" : "openSUSE-SU-2014:0799", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html" - }, - { - "name" : "67962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67962" - }, - { - "name" : "1030368", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030368" - }, - { - "name" : "58390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58390" - }, - { - "name" : "58465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58465" - }, - { - "name" : "58585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58585" - }, - { - "name" : "59053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59053" - }, - { - "name" : "59304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67962" + }, + { + "name": "openSUSE-SU-2014:0798", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html" + }, + { + "name": "openSUSE-SU-2014:0799", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-16.html" + }, + { + "name": "RHSA-2014:0745", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0745.html" + }, + { + "name": "59304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59304" + }, + { + "name": "59053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59053" + }, + { + "name": "58465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58465" + }, + { + "name": "1030368", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030368" + }, + { + "name": "SUSE-SU-2014:0806", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html" + }, + { + "name": "58585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58585" + }, + { + "name": "58390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58390" + }, + { + "name": "GLSA-201406-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-17.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0569.json b/2014/0xxx/CVE-2014-0569.json index 89401599b52..f432136d97d 100644 --- a/2014/0xxx/CVE-2014-0569.json +++ b/2014/0xxx/CVE-2014-0569.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-365/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-365/" - }, - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html" - }, - { - "name" : "RHSA-2014:1648", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1648.html" - }, - { - "name" : "SUSE-SU-2014:1360", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:1329", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "70441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70441" - }, - { - "name" : "1031019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031019" - }, - { - "name" : "61980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1329", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html" + }, + { + "name": "70441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70441" + }, + { + "name": "61980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61980" + }, + { + "name": "SUSE-SU-2014:1360", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html" + }, + { + "name": "RHSA-2014:1648", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1648.html" + }, + { + "name": "1031019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031019" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-365/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-365/" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0981.json b/2014/0xxx/CVE-2014-0981.json index 56099cdb0b5..c1e4d025ff0 100644 --- a/2014/0xxx/CVE-2014-0981.json +++ b/2014/0xxx/CVE-2014-0981.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531418/100/0/threaded" - }, - { - "name" : "32208", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32208" - }, - { - "name" : "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/95" - }, - { - "name" : "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities" - }, - { - "name" : "https://www.virtualbox.org/changeset/50437/vbox", - "refsource" : "CONFIRM", - "url" : "https://www.virtualbox.org/changeset/50437/vbox" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "DSA-2904", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2904" - }, - { - "name" : "GLSA-201612-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-27" - }, - { - "name" : "57384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32208", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32208" + }, + { + "name": "GLSA-201612-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-27" + }, + { + "name": "57384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57384" + }, + { + "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded" + }, + { + "name": "DSA-2904", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2904" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "https://www.virtualbox.org/changeset/50437/vbox", + "refsource": "CONFIRM", + "url": "https://www.virtualbox.org/changeset/50437/vbox" + }, + { + "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/95" + }, + { + "name": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1604.json b/2014/1xxx/CVE-2014-1604.json index 072dfc64b39..da38ab2179f 100644 --- a/2014/1xxx/CVE-2014-1604.json +++ b/2014/1xxx/CVE-2014-1604.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140114 Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/17/8" - }, - { - "name" : "[oss-security] 20140117 Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/18/4" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263" - }, - { - "name" : "https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c", - "refsource" : "CONFIRM", - "url" : "https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c" - }, - { - "name" : "102202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/102202" - }, - { - "name" : "56429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56429" - }, - { - "name" : "rply-cve20141604-insecure-permissions(90593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140114 Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/17/8" + }, + { + "name": "rply-cve20141604-insecure-permissions(90593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90593" + }, + { + "name": "102202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/102202" + }, + { + "name": "56429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56429" + }, + { + "name": "https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c", + "refsource": "CONFIRM", + "url": "https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263" + }, + { + "name": "[oss-security] 20140117 Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/18/4" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1759.json b/2014/1xxx/CVE-2014-1759.json index b0de8965ffe..f085a47a665 100644 --- a/2014/1xxx/CVE-2014-1759.json +++ b/2014/1xxx/CVE-2014-1759.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka \"Arbitrary Pointer Dereference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka \"Arbitrary Pointer Dereference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-020" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1843.json b/2014/1xxx/CVE-2014-1843.json index 2ad88073519..4ace215eb3e 100644 --- a/2014/1xxx/CVE-2014-1843.json +++ b/2014/1xxx/CVE-2014-1843.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31579", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31579" - }, - { - "name" : "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" - }, - { - "name" : "65469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65469" - }, - { - "name" : "103197", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/103197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103197", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/103197" + }, + { + "name": "65469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65469" + }, + { + "name": "31579", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31579" + }, + { + "name": "20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4097.json b/2014/4xxx/CVE-2014-4097.json index 92d0971306d..5ba3a4f362e 100644 --- a/2014/4xxx/CVE-2014-4097.json +++ b/2014/4xxx/CVE-2014-4097.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69605" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144097-code-exec(95527)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69605" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "ms-ie-cve20144097-code-exec(95527)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95527" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4130.json b/2014/4xxx/CVE-2014-4130.json index 20cb9b614c6..785d2b0d960 100644 --- a/2014/4xxx/CVE-2014-4130.json +++ b/2014/4xxx/CVE-2014-4130.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4132 and CVE-2014-4138." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" - }, - { - "name" : "70332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70332" - }, - { - "name" : "1031018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031018" - }, - { - "name" : "60968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4132 and CVE-2014-4138." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60968" + }, + { + "name": "70332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70332" + }, + { + "name": "1031018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031018" + }, + { + "name": "MS14-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4134.json b/2014/4xxx/CVE-2014-4134.json index 80489fd5bf0..7481ff9468b 100644 --- a/2014/4xxx/CVE-2014-4134.json +++ b/2014/4xxx/CVE-2014-4134.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" - }, - { - "name" : "70336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70336" - }, - { - "name" : "1031018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031018" - }, - { - "name" : "60968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70336" + }, + { + "name": "60968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60968" + }, + { + "name": "1031018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031018" + }, + { + "name": "MS14-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4402.json b/2014/4xxx/CVE-2014-4402.json index 52df7074264..04e5c0c3a48 100644 --- a/2014/4xxx/CVE-2014-4402.json +++ b/2014/4xxx/CVE-2014-4402.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=33", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=33" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "69925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69925" - }, - { - "name" : "1030868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030868" - }, - { - "name" : "macosx-cve20144402-code-exec(96063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=33", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=33" + }, + { + "name": "1030868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030868" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "69925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69925" + }, + { + "name": "macosx-cve20144402-code-exec(96063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96063" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4596.json b/2014/4xxx/CVE-2014-4596.json index 34fae4cda93..feadf5a0016 100644 --- a/2014/4xxx/CVE-2014-4596.json +++ b/2014/4xxx/CVE-2014-4596.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wpsnapapp-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wpsnapapp-a3-cross-site-scripting-xss" - }, - { - "name" : "68433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68433" + }, + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wpsnapapp-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wpsnapapp-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4803.json b/2014/4xxx/CVE-2014-4803.json index 457ed302575..a37e6af177b 100644 --- a/2014/4xxx/CVE-2014-4803.json +++ b/2014/4xxx/CVE-2014-4803.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695925", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695925" - }, - { - "name" : "ibm-curam-cve20144803-crlf(95305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-curam-cve20144803-crlf(95305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95305" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9479.json b/2014/9xxx/CVE-2014-9479.json index 8b058bbfecd..e2793d58c8d 100644 --- a/2014/9xxx/CVE-2014-9479.json +++ b/2014/9xxx/CVE-2014-9479.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-9479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" - }, - { - "name" : "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/21/2" - }, - { - "name" : "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/13" - }, - { - "name" : "https://phabricator.wikimedia.org/T76195", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T76195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13" + }, + { + "name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2" + }, + { + "name": "https://phabricator.wikimedia.org/T76195", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T76195" + }, + { + "name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9769.json b/2014/9xxx/CVE-2014-9769.json index b7e609f0924..2daa6af7daf 100644 --- a/2014/9xxx/CVE-2014-9769.json +++ b/2014/9xxx/CVE-2014-9769.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-9769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160326 CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/26/1" - }, - { - "name" : "http://vcs.pcre.org/pcre?view=revision&revision=1475", - "refsource" : "CONFIRM", - "url" : "http://vcs.pcre.org/pcre?view=revision&revision=1475" - }, - { - "name" : "https://bugs.debian.org/819050", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/819050" - }, - { - "name" : "https://redmine.openinfosecfoundation.org/issues/1693", - "refsource" : "CONFIRM", - "url" : "https://redmine.openinfosecfoundation.org/issues/1693" - }, - { - "name" : "85570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85570" - }, - { - "name" : "1035424", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://vcs.pcre.org/pcre?view=revision&revision=1475", + "refsource": "CONFIRM", + "url": "http://vcs.pcre.org/pcre?view=revision&revision=1475" + }, + { + "name": "85570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85570" + }, + { + "name": "https://redmine.openinfosecfoundation.org/issues/1693", + "refsource": "CONFIRM", + "url": "https://redmine.openinfosecfoundation.org/issues/1693" + }, + { + "name": "1035424", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035424" + }, + { + "name": "[oss-security] 20160326 CVE Request: pcre: Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/26/1" + }, + { + "name": "https://bugs.debian.org/819050", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/819050" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3099.json b/2016/3xxx/CVE-2016-3099.json index 60fcac7806d..780248ac0ab 100644 --- a/2016/3xxx/CVE-2016-3099.json +++ b/2016/3xxx/CVE-2016-3099.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1319052", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1319052" - }, - { - "name" : "FEDORA-2016-1eaaf1ed0f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184345.html" - }, - { - "name" : "FEDORA-2016-85e9f2e3cd", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html" - }, - { - "name" : "FEDORA-2016-8b28358b72", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183129.html" - }, - { - "name" : "RHSA-2016:2602", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2602.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2016-85e9f2e3cd", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1319052", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319052" + }, + { + "name": "FEDORA-2016-8b28358b72", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183129.html" + }, + { + "name": "RHSA-2016:2602", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2602.html" + }, + { + "name": "FEDORA-2016-1eaaf1ed0f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184345.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3188.json b/2016/3xxx/CVE-2016-3188.json index eaf8127d453..93666c14715 100644 --- a/2016/3xxx/CVE-2016-3188.json +++ b/2016/3xxx/CVE-2016-3188.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2679503", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2679503" - }, - { - "name" : "http://cgit.drupalcode.org/prepopulate/commit/prepopulate.module?id=16cdb63cc3b256dd785e029ec17f92ddf80cc443", - "refsource" : "CONFIRM", - "url" : "http://cgit.drupalcode.org/prepopulate/commit/prepopulate.module?id=16cdb63cc3b256dd785e029ec17f92ddf80cc443" - }, - { - "name" : "https://www.drupal.org/node/2679215", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2679215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2679215", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2679215" + }, + { + "name": "https://www.drupal.org/node/2679503", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2679503" + }, + { + "name": "http://cgit.drupalcode.org/prepopulate/commit/prepopulate.module?id=16cdb63cc3b256dd785e029ec17f92ddf80cc443", + "refsource": "CONFIRM", + "url": "http://cgit.drupalcode.org/prepopulate/commit/prepopulate.module?id=16cdb63cc3b256dd785e029ec17f92ddf80cc443" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3407.json b/2016/3xxx/CVE-2016-3407.json index 676ac559ce8..1d17dd46994 100644 --- a/2016/3xxx/CVE-2016-3407.json +++ b/2016/3xxx/CVE-2016-3407.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" - }, - { - "name" : "95897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "name": "95897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95897" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7031.json b/2016/7xxx/CVE-2016-7031.json index 0ef9f7bf3c0..4011ce0a408 100644 --- a/2016/7xxx/CVE-2016-7031.json +++ b/2016/7xxx/CVE-2016-7031.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-7031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.ceph.com/docs/master/release-notes/#v10-0-1", - "refsource" : "CONFIRM", - "url" : "http://docs.ceph.com/docs/master/release-notes/#v10-0-1" - }, - { - "name" : "http://tracker.ceph.com/issues/13207", - "refsource" : "CONFIRM", - "url" : "http://tracker.ceph.com/issues/13207" - }, - { - "name" : "https://github.com/ceph/ceph/pull/6057", - "refsource" : "CONFIRM", - "url" : "https://github.com/ceph/ceph/pull/6057" - }, - { - "name" : "RHSA-2016:1972", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1972.html" - }, - { - "name" : "RHSA-2016:1973", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1973.html" - }, - { - "name" : "93240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93240" + }, + { + "name": "https://github.com/ceph/ceph/pull/6057", + "refsource": "CONFIRM", + "url": "https://github.com/ceph/ceph/pull/6057" + }, + { + "name": "RHSA-2016:1972", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1972.html" + }, + { + "name": "http://docs.ceph.com/docs/master/release-notes/#v10-0-1", + "refsource": "CONFIRM", + "url": "http://docs.ceph.com/docs/master/release-notes/#v10-0-1" + }, + { + "name": "RHSA-2016:1973", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1973.html" + }, + { + "name": "http://tracker.ceph.com/issues/13207", + "refsource": "CONFIRM", + "url": "http://tracker.ceph.com/issues/13207" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7211.json b/2016/7xxx/CVE-2016-7211.json index 1f076e30805..fb1c9eeac5d 100644 --- a/2016/7xxx/CVE-2016-7211.json +++ b/2016/7xxx/CVE-2016-7211.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7185." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-123", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123" - }, - { - "name" : "93556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7185." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-123", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123" + }, + { + "name": "93556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93556" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7452.json b/2016/7xxx/CVE-2016-7452.json index a3d373319ee..149daa5ceb3 100644 --- a/2016/7xxx/CVE-2016-7452.json +++ b/2016/7xxx/CVE-2016-7452.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3" - }, - { - "name" : "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0" - }, - { - "name" : "93045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0" + }, + { + "name": "93045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93045" + }, + { + "name": "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7879.json b/2016/7xxx/CVE-2016-7879.json index 0157ec69269..41dc977f498 100644 --- a/2016/7xxx/CVE-2016-7879.json +++ b/2016/7xxx/CVE-2016-7879.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-619", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-619" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94873" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-619", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-619" + }, + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "94873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94873" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7997.json b/2016/7xxx/CVE-2016-7997.json index f04a1ea130f..eb31fc89014 100644 --- a/2016/7xxx/CVE-2016-7997.json +++ b/2016/7xxx/CVE-2016-7997.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161007 GraphicsMagick CVE Request - WPG Reader Issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/07/4" - }, - { - "name" : "[oss-security] 20161008 Re: GraphicsMagick CVE Request - WPG Reader Issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/5" - }, - { - "name" : "DSA-3746", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3746" - }, - { - "name" : "93467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3746" + }, + { + "name": "[oss-security] 20161007 GraphicsMagick CVE Request - WPG Reader Issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/07/4" + }, + { + "name": "[oss-security] 20161008 Re: GraphicsMagick CVE Request - WPG Reader Issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/5" + }, + { + "name": "93467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93467" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8252.json b/2016/8xxx/CVE-2016-8252.json index d0a1b461ff5..a5fa9ca58dc 100644 --- a/2016/8xxx/CVE-2016-8252.json +++ b/2016/8xxx/CVE-2016-8252.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8252", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8252", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8318.json b/2016/8xxx/CVE-2016-8318.json index d8c29ed8609..e420e2f4c1b 100644 --- a/2016/8xxx/CVE-2016-8318.json +++ b/2016/8xxx/CVE-2016-8318.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "5.6.34 and earlier" - }, - { - "version_value" : "5.7.16 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.34 and earlier" + }, + { + "version_value": "5.7.16 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "GLSA-201702-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-17" - }, - { - "name" : "95580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95580" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-17" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "95580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95580" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8351.json b/2016/8xxx/CVE-2016-8351.json index 17402667284..3a4f5330c4b 100644 --- a/2016/8xxx/CVE-2016-8351.json +++ b/2016/8xxx/CVE-2016-8351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8556.json b/2016/8xxx/CVE-2016-8556.json index 3308c15cf36..b4d69aa9cbc 100644 --- a/2016/8xxx/CVE-2016-8556.json +++ b/2016/8xxx/CVE-2016-8556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8556", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8556", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8667.json b/2016/8xxx/CVE-2016-8667.json index 266036daa8a..82429891c5e 100644 --- a/2016/8xxx/CVE-2016-8667.json +++ b/2016/8xxx/CVE-2016-8667.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161014 CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/14/6" - }, - { - "name" : "[oss-security] 20161015 Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/15/4" - }, - { - "name" : "[qemu-devel] 20161012 [PATCH] dma: rc4030: limit interval timer reload value", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:3237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" - }, - { - "name" : "93567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161015 Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/15/4" + }, + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "93567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93567" + }, + { + "name": "[qemu-devel] 20161012 [PATCH] dma: rc4030: limit interval timer reload value", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html" + }, + { + "name": "openSUSE-SU-2016:3237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + }, + { + "name": "[oss-security] 20161014 CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/14/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9304.json b/2016/9xxx/CVE-2016-9304.json index ad6a4232888..466edfdec57 100644 --- a/2016/9xxx/CVE-2016-9304.json +++ b/2016/9xxx/CVE-2016-9304.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", - "refsource" : "CONFIRM", - "url" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01" - }, - { - "name" : "95799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", + "refsource": "CONFIRM", + "url": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01" + }, + { + "name": "95799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95799" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9344.json b/2016/9xxx/CVE-2016-9344.json index 45f44e94d8a..ff9b9dac5fc 100644 --- a/2016/9xxx/CVE-2016-9344.json +++ b/2016/9xxx/CVE-2016-9344.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa MiiNePort", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa MiiNePort" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moxa MiiNePort Session Hijack" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa MiiNePort", + "version": { + "version_data": [ + { + "version_value": "Moxa MiiNePort" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01" - }, - { - "name" : "94783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moxa MiiNePort Session Hijack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01" + }, + { + "name": "94783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94783" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9591.json b/2016/9xxx/CVE-2016-9591.json index 51c8f37d1a8..a30b0796ae3 100644 --- a/2016/9xxx/CVE-2016-9591.json +++ b/2016/9xxx/CVE-2016-9591.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2016-12-16T00:00:00", - "ID" : "CVE-2016-9591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jasper", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.12" - } - ] - } - } - ] - }, - "vendor_name" : "JasPer Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2016-12-16T00:00:00", + "ID": "CVE-2016-9591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jasper", + "version": { + "version_data": [ + { + "version_value": "2.0.12" + } + ] + } + } + ] + }, + "vendor_name": "JasPer Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1406405", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1406405" - }, - { - "name" : "DSA-3827", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3827" - }, - { - "name" : "GLSA-201707-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-07" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "94952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1406405", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406405" + }, + { + "name": "DSA-3827", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3827" + }, + { + "name": "GLSA-201707-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-07" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "94952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94952" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2454.json b/2019/2xxx/CVE-2019-2454.json index 24b3fbca921..0ba08b225e6 100644 --- a/2019/2xxx/CVE-2019-2454.json +++ b/2019/2xxx/CVE-2019-2454.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2454", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2454", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2872.json b/2019/2xxx/CVE-2019-2872.json index 8fd068c64b1..814e5ff8b75 100644 --- a/2019/2xxx/CVE-2019-2872.json +++ b/2019/2xxx/CVE-2019-2872.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2872", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2872", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file