diff --git a/2006/5xxx/CVE-2006-5127.json b/2006/5xxx/CVE-2006-5127.json index 51f8ec47d78..a66a5312750 100644 --- a/2006/5xxx/CVE-2006-5127.json +++ b/2006/5xxx/CVE-2006-5127.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060929 [MajorSecurity Advisory #28]ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447358/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls28", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls28" - }, - { - "name" : "http://download.compresso.de/compresso-4.0.5a.zip", - "refsource" : "CONFIRM", - "url" : "http://download.compresso.de/compresso-4.0.5a.zip" - }, - { - "name" : "20273", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/20273" - }, - { - "name" : "ADV-2006-3868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3868" - }, - { - "name" : "22145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22145" - }, - { - "name" : "1671", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1671" - }, - { - "name" : "conpressocms-multiple-scripts-xss(29272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22145" + }, + { + "name": "20060929 [MajorSecurity Advisory #28]ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447358/100/0/threaded" + }, + { + "name": "20273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20273" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls28", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls28" + }, + { + "name": "conpressocms-multiple-scripts-xss(29272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29272" + }, + { + "name": "1671", + "refsource": "SREASON", + "url": 
"http://securityreason.com/securityalert/1671" + }, + { + "name": "http://download.compresso.de/compresso-4.0.5a.zip", + "refsource": "CONFIRM", + "url": "http://download.compresso.de/compresso-4.0.5a.zip" + }, + { + "name": "ADV-2006-3868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3868" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2201.json b/2007/2xxx/CVE-2007-2201.json index 1da519fb8a3..360e7c0e96f 100644 --- a/2007/2xxx/CVE-2007-2201.json +++ b/2007/2xxx/CVE-2007-2201.json 
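Review bot: The `reference_data` array on the new side of CVE-2006-5127.json holds the same eight entries as before but in a different order (SECUNIA now first, VUPEN last) that follows no visible sort key such as `refsource` or `name`. The same reshuffle appears in the hunks for CVE-2007-2201, CVE-2007-2393, CVE-2007-2963, CVE-2007-3002, CVE-2007-3314, CVE-2007-3821 and CVE-2007-3850. If the generator's order is not stable, every regeneration will rewrite these arrays, and a genuinely added or dropped reference will be hard to spot in review; emitting the entries sorted by `refsource` then `name` would keep later diffs limited to real changes. The new files also end without a trailing newline (`\ No newline at end of file`), which the old side had.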
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070422 Post Revolution Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466707/100/0/threaded" - }, - { - "name" : "3785", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3785" - }, - { - "name" : "23607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23607" - }, - { - "name" : "ADV-2007-1513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1513" - }, - { - "name" : "35317", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35317" - }, - { - "name" : "35318", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35318" - }, - { - "name" : 
"24971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24971" - }, - { - "name" : "2653", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2653" - }, - { - "name" : "postrevolution-commonpreview-file-include(33825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2653", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2653" + }, + { + "name": "23607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23607" + }, + { + "name": "24971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24971" + }, + { + "name": "35318", + "refsource": "OSVDB", + "url": "http://osvdb.org/35318" + }, + { + "name": "35317", + "refsource": "OSVDB", + "url": "http://osvdb.org/35317" + }, + { + "name": "postrevolution-commonpreview-file-include(33825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33825" + }, + { + "name": "ADV-2007-1513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1513" + }, + { + "name": "3785", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3785" + }, + { + "name": "20070422 Post Revolution Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466707/100/0/threaded" + } + ] + } +} 
\ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2393.json b/2007/2xxx/CVE-2007-2393.json index e8939690812..cbcf876ec01 100644 --- a/2007/2xxx/CVE-2007-2393.json +++ b/2007/2xxx/CVE-2007-2393.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=305947", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305947" - }, - { - "name" : "APPLE-SA-2007-07-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" - }, - { - "name" : "TA07-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" - }, - { - "name" : "24873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24873" - }, - { - "name" : "ADV-2007-2510", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2510" - }, - { - "name" : "36135", - "refsource" : "OSVDB", - 
"url" : "http://osvdb.org/36135" - }, - { - "name" : "1018373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018373" - }, - { - "name" : "26034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26034" - }, - { - "name" : "quicktime-java-applet-code-execution(35359)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26034" + }, + { + "name": "1018373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018373" + }, + { + "name": "TA07-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" + }, + { + "name": "ADV-2007-2510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2510" + }, + { + "name": "24873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24873" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305947", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305947" + }, + { + "name": "quicktime-java-applet-code-execution(35359)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35359" + }, + { + "name": "APPLE-SA-2007-07-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" + 
}, + { + "name": "36135", + "refsource": "OSVDB", + "url": "http://osvdb.org/36135" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2963.json b/2007/2xxx/CVE-2007-2963.json index f6903914005..a23cfe20aa0 100644 --- a/2007/2xxx/CVE-2007-2963.json +++ b/2007/2xxx/CVE-2007-2963.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.invisionpower.com/index.php?showtopic=235069", - "refsource" : "CONFIRM", - "url" : "http://forums.invisionpower.com/index.php?showtopic=235069" - }, - { - "name" : "24244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24244" - }, - { - "name" : "ADV-2007-1993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1993" - }, - { - "name" : "35430", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35430" - }, - 
{ - "name" : "35431", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35431" - }, - { - "name" : "35432", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35432" - }, - { - "name" : "35433", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35433" - }, - { - "name" : "35434", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35434" - }, - { - "name" : "35435", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35435" - }, - { - "name" : "25437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25437" - }, - { - "name" : "ipb-editorid-xss(34616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipb-editorid-xss(34616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616" + }, + { + "name": "24244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24244" + }, + { + "name": "25437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25437" + }, + { + "name": "35431", + "refsource": "OSVDB", + "url": "http://osvdb.org/35431" + }, + { + "name": "35430", + "refsource": "OSVDB", + "url": "http://osvdb.org/35430" + }, + { + "name": "http://forums.invisionpower.com/index.php?showtopic=235069", + "refsource": "CONFIRM", + "url": "http://forums.invisionpower.com/index.php?showtopic=235069" + }, + { + "name": "35435", + "refsource": "OSVDB", + "url": "http://osvdb.org/35435" + }, + { + "name": "ADV-2007-1993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1993" + }, + { + "name": "35433", + "refsource": "OSVDB", + "url": "http://osvdb.org/35433" + }, + { + "name": "35434", + "refsource": "OSVDB", + "url": "http://osvdb.org/35434" + }, + { + "name": "35432", + "refsource": "OSVDB", + "url": "http://osvdb.org/35432" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3002.json b/2007/3xxx/CVE-2007-3002.json index 6c628d3792e..846a67da99c 100644 --- a/2007/3xxx/CVE-2007-3002.json +++ b/2007/3xxx/CVE-2007-3002.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070530 PHP JackKnife [multiple vulnerabilities]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470111/100/0/threaded" - }, - { - "name" : "24253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24253" - }, - { - "name" : "45393", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45393" - }, - { - "name" : "45394", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45394" - }, - { - "name" : "2768", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2768" - }, - { - "name" : "phpjk-indexgdisplay-path-disclosure(34644)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpjk-indexgdisplay-path-disclosure(34644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34644" + }, + { + "name": "45394", + "refsource": "OSVDB", + "url": "http://osvdb.org/45394" + }, + { + "name": "45393", + "refsource": "OSVDB", + "url": "http://osvdb.org/45393" + }, + { + "name": "24253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24253" + }, + { + "name": "2768", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2768" + }, + { + "name": "20070530 PHP JackKnife [multiple vulnerabilities]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470111/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3125.json b/2007/3xxx/CVE-2007-3125.json index e9d1f6e853d..9a4f37ed9bd 100644 --- a/2007/3xxx/CVE-2007-3125.json +++ b/2007/3xxx/CVE-2007-3125.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3125", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-6772. Reason: This candidate is a duplicate of CVE-2006-6772. Notes: All CVE users should reference CVE-2006-6772 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-3125", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-6772. Reason: This candidate is a duplicate of CVE-2006-6772. Notes: All CVE users should reference CVE-2006-6772 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3314.json b/2007/3xxx/CVE-2007-3314.json index 2690f6f6e6e..6fe552317b6 100644 --- a/2007/3xxx/CVE-2007-3314.json +++ b/2007/3xxx/CVE-2007-3314.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vuln.sg/salamander25-en.html", - "refsource" : "MISC", - "url" : "http://vuln.sg/salamander25-en.html" - }, - { - "name" : "24557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24557" - }, - { - "name" : "ADV-2007-2268", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2268" - }, - { - "name" : "37579", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37579" - }, - { - "name" : "25732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25732" - }, - { - "name" : "salamander-peviewer-bo(34938)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25732" + }, + { + "name": "37579", + "refsource": "OSVDB", + "url": "http://osvdb.org/37579" + }, + { + "name": "24557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24557" + }, + { + "name": "ADV-2007-2268", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2268" + }, + { + "name": "salamander-peviewer-bo(34938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34938" + }, + { + "name": "http://vuln.sg/salamander25-en.html", + "refsource": "MISC", + "url": "http://vuln.sg/salamander25-en.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3821.json b/2007/3xxx/CVE-2007-3821.json index f40f2bc8c7a..29b9b7a5181 100644 --- a/2007/3xxx/CVE-2007-3821.json +++ b/2007/3xxx/CVE-2007-3821.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070714 Session Riding and multiple XSS in WebCit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473714/100/0/threaded" - }, - { - "name" : "24913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24913" - }, - { - "name" : "38181", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38181" - }, - { - "name" : "26090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26090" - }, - { - "name" : "2890", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2890" - }, - { - "name" : "webcit-unspecified-csrf(35432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35432" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38181", + "refsource": "OSVDB", + "url": "http://osvdb.org/38181" + }, + { + "name": "24913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24913" + }, + { + "name": "2890", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2890" + }, + { + "name": "20070714 Session Riding and multiple XSS in WebCit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded" + }, + { + "name": "26090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26090" + }, + { + "name": "webcit-unspecified-csrf(35432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35432" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3850.json b/2007/3xxx/CVE-2007-3850.json index 7815aec094b..362c18f2461 100644 --- a/2007/3xxx/CVE-2007-3850.json +++ b/2007/3xxx/CVE-2007-3850.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=721151d004dcf01a71b12bb6b893f9160284cf6e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=721151d004dcf01a71b12bb6b893f9160284cf6e" - }, - { - "name" : "RHSA-2007:0940", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0940.html" - }, - { - "name" : "26161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26161" - }, - { - "name" : "45488", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45488" - }, - { - "name" : "oval:org.mitre.oval:def:10793", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10793" - }, - { - "name" : "27322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27322" + }, + { + "name": "45488", + "refsource": "OSVDB", + "url": "http://osvdb.org/45488" + }, + { + "name": "26161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26161" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=721151d004dcf01a71b12bb6b893f9160284cf6e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=721151d004dcf01a71b12bb6b893f9160284cf6e" + }, + { + "name": "RHSA-2007:0940", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0940.html" + }, + { + "name": "oval:org.mitre.oval:def:10793", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10793" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4303.json b/2007/4xxx/CVE-2007-4303.json index e2d19adb183..179e3ea93d3 100644 --- a/2007/4xxx/CVE-2007-4303.json +++ b/2007/4xxx/CVE-2007-4303.json 
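Review bot: The only semantic change in this hunk is `"ASSIGNER": "secalert@redhat.com",` replacing `cve@mitre.org` inside `CVE_data_meta`, and it is buried in a whole-file whitespace and ordering rewrite. ASSIGNER identifies the party that assigned the record, so changing it is a provenance change. It would be easier to audit in its own commit, or at least called out in the commit message, rather than mixed into the reformat. The hunks for CVE-2007-6239 (also `secalert@redhat.com`) and CVE-2010-0204 (`psirt@adobe.com`) carry the same kind of change, as does the start of the CVE-2010-0432 hunk, which continues past the visible part of the page.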
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.watson.org/~robert/2007woot/", - "refsource" : "MISC", - "url" : "http://www.watson.org/~robert/2007woot/" - }, - { - "name" : "25259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25259" - }, - { - "name" : "26474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat 
system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.watson.org/~robert/2007woot/", + "refsource": "MISC", + "url": "http://www.watson.org/~robert/2007woot/" + }, + { + "name": "26474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26474" + }, + { + "name": "25259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25259" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6195.json b/2007/6xxx/CVE-2007-6195.json index 3b067ddd3b9..02fd0706bc7 100644 --- a/2007/6xxx/CVE-2007-6195.json +++ b/2007/6xxx/CVE-2007-6195.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071217 ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485260/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-079.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-079.html" - }, - { - "name" : "HPSBUX02294", - "refsource" : "HP", - "url" : "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01294212-1" - }, - { - "name" : "SSRT071451", - "refsource" : "HP", - "url" : 
"http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01294212-1" - }, - { - "name" : "26855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26855" - }, - { - "name" : "oval:org.mitre.oval:def:5710", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5710" - }, - { - "name" : "ADV-2007-4220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4220" - }, - { - "name" : "1019098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019098" - }, - { - "name" : "28087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28087" - }, - { - "name" : "hpux-dce-unspecified-dos(39018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hpux-dce-unspecified-dos(39018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39018" + }, + { + "name": "ADV-2007-4220", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4220" + }, + { + "name": "oval:org.mitre.oval:def:5710", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5710" + }, + { + "name": "SSRT071451", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01294212-1" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-079.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-079.html" + }, + { + "name": "20071217 ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485260/100/0/threaded" + }, + { + "name": "26855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26855" + }, + { + "name": "28087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28087" + }, + { + "name": "1019098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019098" + }, + { + "name": "HPSBUX02294", + "refsource": "HP", + "url": "http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01294212-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6239.json b/2007/6xxx/CVE-2007-6239.json index 3ab5f1dfdac..4c9332f958b 100644 --- a/2007/6xxx/CVE-2007-6239.json +++ b/2007/6xxx/CVE-2007-6239.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"cache update reply processing\" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt" - }, - { - "name" : "http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=410181", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=410181" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=201209", - "refsource" : "CONFIRM", - "url" : 
"http://bugs.gentoo.org/show_bug.cgi?id=201209" - }, - { - "name" : "DSA-1482", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1482" - }, - { - "name" : "FEDORA-2007-4161", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html" - }, - { - "name" : "FEDORA-2007-4170", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html" - }, - { - "name" : "GLSA-200801-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-05.xml" - }, - { - "name" : "GLSA-200903-38", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-38.xml" - }, - { - "name" : "MDVSA-2008:002", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:002" - }, - { - "name" : "RHSA-2007:1130", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1130.html" - }, - { - "name" : "SUSE-SR:2008:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" - }, - { - "name" : "USN-565-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-565-1" - }, - { - "name" : "VU#232881", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/232881" - }, - { - "name" : "26687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26687" - }, - { - "name" : "oval:org.mitre.oval:def:10915", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915" - }, - { - "name" : "34467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34467" - }, - { - "name" : "ADV-2007-4066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4066" - }, - { - "name" : "1019036", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1019036" - }, - { - "name" : "27910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27910" - }, - { - "name" : "28091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28091" - }, - { - "name" : "28109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28109" - }, - { - "name" : "28350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28350" - }, - { - "name" : "28381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28381" - }, - { - "name" : "28403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28403" - }, - { - "name" : "28412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28412" - }, - { - "name" : "28814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"cache update reply processing\" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28091" + }, + { + "name": "28412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28412" + }, + { + "name": "FEDORA-2007-4161", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html" + }, + { + "name": "DSA-1482", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1482" + }, + { + "name": "28814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28814" + }, + { + "name": "VU#232881", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/232881" + }, + { + "name": "GLSA-200903-38", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-38.xml" + }, + { + "name": "26687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26687" + }, + { + "name": "RHSA-2007:1130", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1130.html" + }, + { + "name": "28109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28109" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt" + }, + { + "name": "MDVSA-2008:002", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:002" + }, + { + "name": "oval:org.mitre.oval:def:10915", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915" + }, + { + "name": "28403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28403" + }, + { + "name": "27910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27910" + 
}, + { + "name": "GLSA-200801-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-05.xml" + }, + { + "name": "ADV-2007-4066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4066" + }, + { + "name": "28350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28350" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=410181", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=410181" + }, + { + "name": "1019036", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019036" + }, + { + "name": "28381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28381" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=201209", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=201209" + }, + { + "name": "34467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34467" + }, + { + "name": "FEDORA-2007-4170", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html" + }, + { + "name": "USN-565-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-565-1" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch" + }, + { + "name": "SUSE-SR:2008:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6470.json b/2007/6xxx/CVE-2007-6470.json index a1255225ce4..aa94bf44ec1 100644 --- a/2007/6xxx/CVE-2007-6470.json +++ b/2007/6xxx/CVE-2007-6470.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071214 PHP RPG - Sql Injection and Session Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119774326804168&w=2" - }, - { - "name" : "26884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26884" - }, - { - "name" : "27968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, 
and then hijack sessions via PHPSESSID cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27968" + }, + { + "name": "20071214 PHP RPG - Sql Injection and Session Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119774326804168&w=2" + }, + { + "name": "26884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26884" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6724.json b/2007/6xxx/CVE-2007-6724.json index 887bd8d2e47..57031dc1ca7 100644 --- a/2007/6xxx/CVE-2007-6724.json +++ b/2007/6xxx/CVE-2007-6724.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/talk/Oct-2007/msg00291.html" - }, - { - "name" : "vidalia-enableremotehttptoggle-sec-bypass(50474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that 
contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html" + }, + { + "name": "vidalia-enableremotehttptoggle-sec-bypass(50474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0204.json b/2010/0xxx/CVE-2010-0204.json index d13aac060ec..3a5c143e8ed 100644 --- a/2010/0xxx/CVE-2010-0204.json +++ b/2010/0xxx/CVE-2010-0204.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html" - }, - { - "name" : "TA10-103C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" - }, - { - "name" : "39329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39329" - }, - { - "name" : "39522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39522" - }, - { - "name" : "oval:org.mitre.oval:def:7387", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7387" - }, - { - "name" : "ADV-2010-0873", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0873" - }, - { - "name" : "acrobat-unspec-code-execution(57711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acrobat-unspec-code-execution(57711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57711" + }, + { + "name": "39522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39522" + }, + { + "name": "ADV-2010-0873", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0873" + }, + { + "name": "TA10-103C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" + }, + { + "name": "oval:org.mitre.oval:def:7387", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7387" + }, + { + "name": "39329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39329" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/0xxx/CVE-2010-0432.json b/2010/0xxx/CVE-2010-0432.json index df1f7c0b8bb..9177cadfb15 100644 --- a/2010/0xxx/CVE-2010-0432.json +++ b/2010/0xxx/CVE-2010-0432.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php", - "refsource" : "MISC", - "url" : "http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920369", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=920369" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920370", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=920370" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920371", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=920371" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920372", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=920372" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920379", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=920379" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920380", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=920380" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920381", - "refsource" : "CONFIRM", - "url" : 
"http://svn.apache.org/viewvc?view=revision&revision=920381" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=920382", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=920382" - }, - { - "name" : "39489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920379", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920379" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920380", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920380" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920369", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920369" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920372", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920372" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920370", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920370" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920371", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920371" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920382", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920382" + }, + { + "name": "http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php", + "refsource": "MISC", + "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php" + }, + { + "name": "39489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39489" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=920381", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=920381" + } + ] + } +} \ No newline at end of file 
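Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, while the rest of the hunk is only a spacing change (`"ID" : ` becomes `"ID": `) and a reordering of `reference_data`, so a real attribution change is easy to miss in the formatting noise. The same happens in the CVE-2010-1282 hunk (`psirt@adobe.com`) and the CVE-2010-1637 hunk (`secalert@redhat.com`); the other records shown keep `cve@mitre.org`. If these reassignments are intended, they would be easier to audit in a commit separate from the reformat, or at least named in the commit message, since nothing in the visible diff says where the new assigner values come from. The new side of each file also ends with `\ No newline at end of file`, so the rewrite drops the trailing newline the old files had.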
diff --git a/2010/1xxx/CVE-2010-1120.json b/2010/1xxx/CVE-2010-1120.json index c775ff8fd2f..6afee77e34a 100644 --- a/2010/1xxx/CVE-2010-1120.json +++ b/2010/1xxx/CVE-2010-1120.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010" - }, - { - "name" : "http://news.cnet.com/8301-27080_3-20001126-245.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-27080_3-20001126-245.html" - }, - { - "name" : "http://twitter.com/thezdi/statuses/11002504493", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/11002504493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 
allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://twitter.com/thezdi/statuses/11002504493", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/11002504493" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010" + }, + { + "name": "http://news.cnet.com/8301-27080_3-20001126-245.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-27080_3-20001126-245.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1282.json b/2010/1xxx/CVE-2010-1282.json index f3769bfeb91..d707fdc7cee 100644 --- a/2010/1xxx/CVE-2010-1282.json +++ b/2010/1xxx/CVE-2010-1282.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-1282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100512 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511254/100/0/threaded" - }, - { - "name" : "20100511 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html" - }, - { - "name" : "http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html", - "refsource" : "MISC", - "url" : "http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html", - 
"refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html" - }, - { - "name" : "40088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40088" - }, - { - "name" : "oval:org.mitre.oval:def:7388", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7388" - }, - { - "name" : "ADV-2010-1128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40088" + }, + { + "name": "20100512 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511254/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:7388", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7388" + }, + { + "name": "20100511 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" + }, + { + "name": 
"ADV-2010-1128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1128" + }, + { + "name": "http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html", + "refsource": "MISC", + "url": "http://hi.baidu.com/fs_fx/blog/item/f8de1d18ba8c9b76dbb4bd56.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1329.json b/2010/1xxx/CVE-2010-1329.json index 4c11cdb624c..a0b3ebb97fd 100644 --- a/2010/1xxx/CVE-2010-1329.json +++ b/2010/1xxx/CVE-2010-1329.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510709/100/0/threaded" - }, - { - "name" : "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php", - "refsource" : "MISC", - "url" : "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php" - }, - { - "name" : "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html", - "refsource" : "CONFIRM", - "url" : "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html" - }, - { - "name" : "39472", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/39472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php", + "refsource": "MISC", + "url": "http://www.clearskies.net/documents/css-advisory-css1001-imperva.php" + }, + { + "name": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html", + "refsource": "CONFIRM", + "url": "http://www.imperva.com/resources/adc/adc_advisories_response_clearskies.html" + }, + { + "name": "39472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39472" + }, + { + "name": "20100413 Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510709/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1346.json b/2010/1xxx/CVE-2010-1346.json index f0003ce79a2..756dc78e1e5 100644 --- a/2010/1xxx/CVE-2010-1346.json +++ b/2010/1xxx/CVE-2010-1346.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1003-exploits/minicmsribafs-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/minicmsribafs-sql.txt" - }, - { - "name" : "11835", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11835" - }, - { - "name" : "38881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38881" - }, - { - "name" : "63121", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63121" - }, - { - "name" : "39018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39018" - }, - { - "name" : "minicmsribafs-login-sqli-injection(57092)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63121", + "refsource": "OSVDB", + "url": "http://osvdb.org/63121" + }, + { + "name": "39018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39018" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/minicmsribafs-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/minicmsribafs-sql.txt" + }, + { + "name": "38881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38881" + }, + { + "name": "11835", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11835" + }, + { + "name": "minicmsribafs-login-sqli-injection(57092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57092" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1591.json b/2010/1xxx/CVE-2010-1591.json index 2eb753c63e4..9cc16bdcf58 100644 --- a/2010/1xxx/CVE-2010-1591.json +++ b/2010/1xxx/CVE-2010-1591.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \\Device\\RSNTGDI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ntinternals.org/ntiadv0805/ntiadv0805.html", - "refsource" : "MISC", - "url" : "http://www.ntinternals.org/ntiadv0805/ntiadv0805.html" - }, - { - "name" : "http://www.ntinternals.org/ntiadv0902/ntiadv0902.html", - "refsource" : "MISC", - "url" : "http://www.ntinternals.org/ntiadv0902/ntiadv0902.html" - }, - { - "name" : "37951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37951" - }, - { - "name" : "61946", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61946" - }, - { - "name" : "38335", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/38335" - }, - { - "name" : "ADV-2010-0218", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0218" - }, - { - "name" : "rising-antivirus-drivers-priv-escalation(55869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \\Device\\RSNTGDI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ntinternals.org/ntiadv0902/ntiadv0902.html", + "refsource": "MISC", + "url": "http://www.ntinternals.org/ntiadv0902/ntiadv0902.html" + }, + { + "name": "61946", + "refsource": "OSVDB", + "url": "http://osvdb.org/61946" + }, + { + "name": "ADV-2010-0218", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0218" + }, + { + "name": "37951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37951" + }, + { + "name": "rising-antivirus-drivers-priv-escalation(55869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55869" + }, + { + "name": "38335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38335" + }, + { + "name": "http://www.ntinternals.org/ntiadv0805/ntiadv0805.html", + "refsource": "MISC", + "url": "http://www.ntinternals.org/ntiadv0805/ntiadv0805.html" + } + ] + } +} \ No newline at 
end of file diff --git a/2010/1xxx/CVE-2010-1637.json b/2010/1xxx/CVE-2010-1637.json index 196a9ab1eeb..7a02734d136 100644 --- a/2010/1xxx/CVE-2010-1637.json +++ b/2010/1xxx/CVE-2010-1637.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/25/9" - }, - { - "name" : "[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/25/3" - }, - { - "name" : "[oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/21/1" - }, - { - "name" : 
"http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69", - "refsource" : "MISC", - "url" : "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951", - "refsource" : "MISC", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951", - "refsource" : "MISC", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951" - }, - { - "name" : "http://squirrelmail.org/security/issue/2010-06-21", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.org/security/issue/2010-06-21" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "FEDORA-2010-10244", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html" - }, - { - "name" : "FEDORA-2010-10259", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html" - }, - { - "name" : "FEDORA-2010-10264", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html" - }, - { - "name" : "MDVSA-2010:120", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:120" - }, - { - "name" : "RHSA-2012:0103", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0103.html" - }, - { - "name" : "40291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40291" - }, - { - "name" : "40307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40307" - }, - { - "name" : "40307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40307" - }, - { - "name" : "ADV-2010-1535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1535" - }, - { - "name" : "ADV-2010-1536", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1536" - }, - { - "name" : "ADV-2010-1554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-10264", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043261.html" + }, + { + "name": "40291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40291" + }, + { + "name": "MDVSA-2010:120", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:120" + }, + { + "name": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69", + "refsource": "MISC", + "url": "http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "40307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40307" + }, + { + "name": "ADV-2010-1535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1535" + }, + { + "name": "ADV-2010-1554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1554" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/25/9" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951", + "refsource": "MISC", + "url": 
"http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/functions.php?r1=13951&r2=13950&pathrev=13951" + }, + { + "name": "[oss-security] 20100525 Re: CVE Request for Horde and Squirrelmail", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/25/3" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951", + "refsource": "MISC", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/plugins/mail_fetch/options.php?r1=13951&r2=13950&pathrev=13951" + }, + { + "name": "ADV-2010-1536", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1536" + }, + { + "name": "FEDORA-2010-10259", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043258.html" + }, + { + "name": "[oss-security] 20100621 Re: [SquirrelMail-Security] CVE Request for Horde and Squirrelmail", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/21/1" + }, + { + "name": "RHSA-2012:0103", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" + }, + { + "name": "40307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40307" + }, + { + "name": "http://squirrelmail.org/security/issue/2010-06-21", + "refsource": "CONFIRM", + "url": "http://squirrelmail.org/security/issue/2010-06-21" + }, + { + "name": "FEDORA-2010-10244", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043239.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1678.json b/2010/1xxx/CVE-2010-1678.json index a20b689182f..793ecd1ccc6 100644 --- a/2010/1xxx/CVE-2010-1678.json +++ b/2010/1xxx/CVE-2010-1678.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1678", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1721.json b/2010/1xxx/CVE-2010-1721.json index a9f72c44e6d..7ba0478bdd7 100644 --- a/2010/1xxx/CVE-2010-1721.json +++ b/2010/1xxx/CVE-2010-1721.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://extensions.thethinkery.net/", - "refsource" : "MISC", - "url" : "http://extensions.thethinkery.net/" - }, - { - "name" : "12246", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12246" - }, - { - "name" : "39495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39495" - }, - { - "name" : "63750", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63750" - }, - { - "name" : "39427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39427" - }, - { - "name" : "intellectual-index-sql-injection(57875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57875" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12246", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12246" + }, + { + "name": "39495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39495" + }, + { + "name": "intellectual-index-sql-injection(57875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57875" + }, + { + "name": "63750", + "refsource": "OSVDB", + "url": "http://osvdb.org/63750" + }, + { + "name": "http://extensions.thethinkery.net/", + "refsource": "MISC", + "url": "http://extensions.thethinkery.net/" + }, + { + "name": "39427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39427" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0185.json b/2014/0xxx/CVE-2014-0185.json index 812f5492e68..eafa6addfc5 100644 --- a/2014/0xxx/CVE-2014-0185.json +++ b/2014/0xxx/CVE-2014-0185.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140429 Fwd: [vs] php-fpm: privilege escalation due to insecure default config (CVE-2014-0185)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/29/5" - }, - { - "name" : "https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch", - "refsource" : "MISC", - "url" : "https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/archive/2014.php#id2014-05-01-1", - "refsource" : "CONFIRM", - "url" : 
"http://www.php.net/archive/2014.php#id2014-05-01-1" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027" - }, - { - "name" : "https://bugs.php.net/bug.php?id=67060", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=67060" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092815", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092815" - }, - { - "name" : "https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "openSUSE-SU-2015:1685", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.html" - }, - { - "name" : "59061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59061" - }, - { - "name" : "59329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59329" + }, + { + "name": "https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d" + }, + { + "name": "https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch", + "refsource": "MISC", + "url": "https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027" + }, + { + "name": "https://bugs.php.net/bug.php?id=67060", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=67060" + }, + { + "name": "59061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59061" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "http://www.php.net/archive/2014.php#id2014-05-01-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2014.php#id2014-05-01-1" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "[oss-security] 20140429 Fwd: [vs] php-fpm: privilege escalation due to insecure default config (CVE-2014-0185)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/29/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1092815", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092815" + }, + { + "name": 
"openSUSE-SU-2015:1685", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0217.json b/2014/0xxx/CVE-2014-0217.json index c19bc04533f..c79be17cfc7 100644 --- a/2014/0xxx/CVE-2014-0217.json +++ b/2014/0xxx/CVE-2014-0217.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140519 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=260365", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=260365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=260365", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=260365" + }, + { + "name": "[oss-security] 20140519 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/19/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0814.json b/2014/0xxx/CVE-2014-0814.json index 54c8b89878c..977a645cb06 100644 --- a/2014/0xxx/CVE-2014-0814.json +++ b/2014/0xxx/CVE-2014-0814.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyfaq.de/advisory_2014-02-04.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2014-02-04.php" - }, - { - "name" : "JVN#30050348", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN30050348/index.html" - }, - { - "name" : "JVNDB-2014-000015", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" - }, - { - "name" : "65368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65368" - }, - { - "name" : "102940", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102940" - }, - { - "name" : "56006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000015", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" + }, + { + "name": "65368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65368" + }, + { + "name": "http://www.phpmyfaq.de/advisory_2014-02-04.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2014-02-04.php" + }, + { + "name": "56006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56006" + }, + { + "name": "JVN#30050348", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN30050348/index.html" + }, + { + "name": "102940", + "refsource": "OSVDB", + "url": "http://osvdb.org/102940" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1414.json b/2014/1xxx/CVE-2014-1414.json index 270326b542c..4b4c2083a8d 100644 --- a/2014/1xxx/CVE-2014-1414.json +++ b/2014/1xxx/CVE-2014-1414.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1414", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1414", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1595.json b/2014/1xxx/CVE-2014-1595.json index 329a02454da..8d714298a1e 100644 --- a/2014/1xxx/CVE-2014-1595.json +++ b/2014/1xxx/CVE-2014-1595.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/", - "refsource" : "MISC", - "url" : "http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-90.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-90.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1092855", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1092855" - }, - { - "name" : 
"http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1092855", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1092855" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-90.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-90.html" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/", + "refsource": "MISC", + "url": 
"http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1602.json b/2014/1xxx/CVE-2014-1602.json index b00d972e226..f000109c49c 100644 --- a/2014/1xxx/CVE-2014-1602.json +++ b/2014/1xxx/CVE-2014-1602.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1602", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1602", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1959.json b/2014/1xxx/CVE-2014-1959.json index 223c25a2386..10c8e1d1b7c 100644 --- a/2014/1xxx/CVE-2014-1959.json +++ b/2014/1xxx/CVE-2014-1959.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/344" - }, - { - "name" : "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/345" - }, - { - "name" : "http://www.gnutls.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.gnutls.org/security.html" - }, - { - "name" : "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c", - "refsource" : "CONFIRM", - 
"url" : "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" - }, - { - "name" : "DSA-2866", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2866" - }, - { - "name" : "USN-2121-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2121-1" - }, - { - "name" : "65559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gnutls.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.gnutls.org/security.html" + }, + { + "name": "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/344" + }, + { + "name": "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/345" + }, + { + "name": "65559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65559" + }, + { + "name": "USN-2121-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2121-1" + }, + { + "name": "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c", + "refsource": "CONFIRM", + "url": 
"https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" + }, + { + "name": "DSA-2866", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2866" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4516.json b/2014/4xxx/CVE-2014-4516.json index 41c247f617b..26116fed000 100644 --- a/2014/4xxx/CVE-2014-4516.json +++ b/2014/4xxx/CVE-2014-4516.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-bic-media-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-bic-media-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-bic-media-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-bic-media-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4815.json b/2014/4xxx/CVE-2014-4815.json index d2e6099c7e4..281b733555e 100644 --- a/2014/4xxx/CVE-2014-4815.json +++ b/2014/4xxx/CVE-2014-4815.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691993", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691993" - }, - { - "name" : "ibm-rlia-cve20144815-fixation(95401)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rlia-cve20144815-fixation(95401)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95401" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691993", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691993" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5086.json b/2014/5xxx/CVE-2014-5086.json index 6c967d5e280..967ba9d0245 100644 --- a/2014/5xxx/CVE-2014-5086.json +++ b/2014/5xxx/CVE-2014-5086.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5086", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5086", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5105.json b/2014/5xxx/CVE-2014-5105.json index 734c70c6431..c3b9d3791f2 100644 --- a/2014/5xxx/CVE-2014-5105.json +++ b/2014/5xxx/CVE-2014-5105.json 
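Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@us.ibm.com` for CVE-2014-4815, inside a hunk that otherwise only respaces keys and reorders `reference_data`, so the one change to the record's attribution is easy to miss in review. The hunks for CVE-2014-5641 and CVE-2014-5686 (to `cert@cert.org`) and CVE-2016-4249 (to `psirt@adobe.com`) do the same. Downstream consumers that attribute or route records by assigner would presumably treat these as data changes, so I would put the reassignments in their own commit, separate from the formatting pass, with a message naming the new CNA for each ID. Each file in these hunks also now ends with `\ No newline at end of file`; keeping the final newline after the closing `}` would avoid another whole-file diff the next time a tool restores it.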
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "68719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary 
web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "68719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68719" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5438.json b/2014/5xxx/CVE-2014-5438.json index cc92151afd7..4066bde9de7 100644 --- a/2014/5xxx/CVE-2014-5438.json +++ b/2014/5xxx/CVE-2014-5438.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141216 CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/58" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141216 CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/58" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5641.json b/2014/5xxx/CVE-2014-5641.json index 020f51a44fe..a864705a024 100644 --- a/2014/5xxx/CVE-2014-5641.json +++ b/2014/5xxx/CVE-2014-5641.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#714937", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/714937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cloud Manager (aka com.ileaf.cloud_manager) 
application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#714937", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/714937" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5686.json b/2014/5xxx/CVE-2014-5686.json index 1ab4cf35d0e..2ae5764a3ae 100644 --- a/2014/5xxx/CVE-2014-5686.json +++ b/2014/5xxx/CVE-2014-5686.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Runtastic Me (aka com.runtastic.android.me.lite) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#520897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/520897" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Runtastic Me (aka 
com.runtastic.android.me.lite) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#520897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/520897" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10001.json b/2016/10xxx/CVE-2016-10001.json index 3db657bb23d..cee831c6b1c 100644 --- a/2016/10xxx/CVE-2016-10001.json +++ b/2016/10xxx/CVE-2016-10001.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10001", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10001", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10126.json b/2016/10xxx/CVE-2016-10126.json index 3aec0530843..0f350e1e522 100644 --- a/2016/10xxx/CVE-2016-10126.json +++ b/2016/10xxx/CVE-2016-10126.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.splunk.com/view/SP-CAAAPSR", - "refsource" : "CONFIRM", - "url" : "https://www.splunk.com/view/SP-CAAAPSR" - }, - { - "name" : "95412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP 
request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.splunk.com/view/SP-CAAAPSR", + "refsource": "CONFIRM", + "url": "https://www.splunk.com/view/SP-CAAAPSR" + }, + { + "name": "95412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95412" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10570.json b/2016/10xxx/CVE-2016-10570.json index 9169bce1cf1..c9da02708e6 100644 --- a/2016/10xxx/CVE-2016-10570.json +++ b/2016/10xxx/CVE-2016-10570.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pngcrush-installer node module", - "version" : { - "version_data" : [ - { - "version_value" : "<1.8.10" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pngcrush-installer node module", + "version": { + "version_data": [ + { + "version_value": "<1.8.10" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/189", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/189", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/189" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10702.json b/2016/10xxx/CVE-2016-10702.json index 20acf10fa8b..939be57a5b5 100644 --- a/2016/10xxx/CVE-2016-10702.json +++ b/2016/10xxx/CVE-2016-10702.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape/", - "refsource" : "MISC", - "url" : "https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape/", + "refsource": "MISC", + "url": "https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3194.json b/2016/3xxx/CVE-2016-3194.json index d2c5e2a411c..09bcaaeb624 100644 --- a/2016/3xxx/CVE-2016-3194.json +++ b/2016/3xxx/CVE-2016-3194.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability", - "refsource" : "CONFIRM", - "url" : "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability" - }, - { - "name" : "92456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92456" - }, - { - "name" : "1036550", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the address 
added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036550", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036550" + }, + { + "name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability", + "refsource": "CONFIRM", + "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability" + }, + { + "name": "92456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92456" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3783.json b/2016/3xxx/CVE-2016-3783.json index d7d0e0e52bb..18d59eaf4c3 100644 --- a/2016/3xxx/CVE-2016-3783.json +++ b/2016/3xxx/CVE-2016-3783.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3783", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3783", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4249.json b/2016/4xxx/CVE-2016-4249.json index b882023980e..8131b4e7684 100644 --- a/2016/4xxx/CVE-2016-4249.json +++ b/2016/4xxx/CVE-2016-4249.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "GLSA-201607-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-03" - }, - { - "name" : "MS16-093", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91722" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91722" + }, + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "GLSA-201607-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-03" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "MS16-093", + "refsource": "MS", + "url": 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8202.json b/2016/8xxx/CVE-2016-8202.json index b1db42f5974..6814305a379 100644 --- a/2016/8xxx/CVE-2016-8202.json +++ b/2016/8xxx/CVE-2016-8202.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "ID" : "CVE-2016-8202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fibre Channel SAN products running Brocade Fabric OS (FOS).", - "version" : { - "version_data" : [ - { - "version_value" : "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation." - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "ID": "CVE-2016-8202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fibre Channel SAN products running Brocade Fabric OS (FOS).", + "version": { + "version_data": [ + { + "version_value": "Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us" - }, - { - "name" : "98332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98332" - }, - { - "name" : "1038401", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038401", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038401" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03739en_us" + }, + { + "name": "98332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98332" + }, + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-208" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8250.json b/2016/8xxx/CVE-2016-8250.json index cf9ab5bbf87..6f78ed01438 100644 --- a/2016/8xxx/CVE-2016-8250.json +++ b/2016/8xxx/CVE-2016-8250.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8250", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8250", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8254.json b/2016/8xxx/CVE-2016-8254.json index 8924f956838..240ddf107cb 100644 --- a/2016/8xxx/CVE-2016-8254.json +++ b/2016/8xxx/CVE-2016-8254.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8254", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8254", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8518.json b/2016/8xxx/CVE-2016-8518.json index 7f27ff4d556..e6d378410e1 100644 --- a/2016/8xxx/CVE-2016-8518.json +++ b/2016/8xxx/CVE-2016-8518.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2016-12-15T00:00:00", - "ID" : "CVE-2016-8518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Systems Insight Manager using OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "all versions prior to 7.6" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2016-12-15T00:00:00", + "ID": "CVE-2016-8518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Systems Insight Manager using OpenSSL", + "version": { + "version_data": [ + { + "version_value": "all versions prior to 7.6" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - 
"refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "1037492", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "1037492", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037492" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8585.json b/2016/8xxx/CVE-2016-8585.json index 11729426067..35788fcc91f 100644 --- a/2016/8xxx/CVE-2016-8585.json +++ b/2016/8xxx/CVE-2016-8585.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html" - }, - { - "name" : "http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html" - }, - { - "name" : "98342", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/98342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html" + }, + { + "name": "http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html" + }, + { + "name": "98342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98342" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8820.json b/2016/8xxx/CVE-2016-8820.json index 9ed1996317a..1c8e063c6dd 100644 --- a/2016/8xxx/CVE-2016-8820.json +++ b/2016/8xxx/CVE-2016-8820.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-8820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, GeForce, GRID and Tesla", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-8820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, GeForce, GRID and Tesla", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257" - }, - { - "name" : "95045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA Windows GPU Display 
Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257" + }, + { + "name": "95045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95045" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9222.json b/2016/9xxx/CVE-2016-9222.json index e1b43956716..93f262c24aa 100644 --- a/2016/9xxx/CVE-2016-9222.json +++ b/2016/9xxx/CVE-2016-9222.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NetFlow Generation Appliance 1.0(2)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco NetFlow Generation Appliance 1.0(2)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NetFlow Generation Appliance 1.0(2)", + "version": { + "version_data": [ + { + "version_value": "Cisco NetFlow Generation Appliance 1.0(2)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga" - }, - { - "name" : "95640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95640" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9261.json b/2016/9xxx/CVE-2016-9261.json index 6ac3b390de9..2fd83a6f054 100644 --- a/2016/9xxx/CVE-2016-9261.json +++ b/2016/9xxx/CVE-2016-9261.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9446.json b/2016/9xxx/CVE-2016-9446.json index 1b0425a250b..0bd6cdf6ed0 100644 --- a/2016/9xxx/CVE-2016-9446.json +++ b/2016/9xxx/CVE-2016-9446.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-9446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 CVE Request: gstreamer plugins", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/12" - }, - { - "name" : "[oss-security] 20161118 Re: CVE Request: gstreamer plugins", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/13" - }, - { - "name" : "https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html", - "refsource" : "MISC", - "url" : "https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=774533", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.gnome.org/show_bug.cgi?id=774533" - }, - { - "name" : "https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "94423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=774533", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=774533" + }, + { + "name": "[oss-security] 20161118 Re: CVE Request: gstreamer plugins", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/13" + }, + { + "name": "94423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94423" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe" + }, + { + "name": "[oss-security] 20161118 CVE Request: gstreamer plugins", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/12" + }, + { + "name": "https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html", + "refsource": "MISC", + "url": "https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9530.json b/2016/9xxx/CVE-2016-9530.json index b6c7dfa9944..6fa6da948bd 100644 --- a/2016/9xxx/CVE-2016-9530.json +++ b/2016/9xxx/CVE-2016-9530.json 
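Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2016-9446 changes from `cve@mitre.org` to `security@suse.com`, while the other hunks visible in this part of the diff only change the spacing around colons and the order of keys or reference entries. Consumers that attribute records to a CNA by this field will see a provenance change that is easy to miss inside a bulk formatting pass. If the reassignment is intended, it would be clearer in its own commit or called out in the commit message (not visible here); otherwise this hunk should keep `"ASSIGNER": "cve@mitre.org",` like the old side. The rest of the hunk (description, problemtype, and the eight reference entries) appears to carry the same values in a different order.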
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9530", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9694.json b/2016/9xxx/CVE-2016-9694.json index 80266bafeca..a7cb090a623 100644 --- a/2016/9xxx/CVE-2016-9694.json +++ b/2016/9xxx/CVE-2016-9694.json 
@@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Rhapsody Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.2" - }, - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "3" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Rhapsody Design Manager", + "version": { + "version_data": [ + { + "version_value": "4.0.2" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.0.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "3" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999960", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999960" - }, - { - "name" : "96825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96825" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999960", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999960" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9949.json b/2016/9xxx/CVE-2016-9949.json index b81bbb8975f..04cab54ab08 100644 --- a/2016/9xxx/CVE-2016-9949.json +++ b/2016/9xxx/CVE-2016-9949.json 
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-9949",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a \"{\". This allows remote attackers to execute arbitrary Python code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-9949",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "40937",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/40937/"
- },
- {
- "name" : "https://bugs.launchpad.net/apport/+bug/1648806",
- "refsource" : "MISC",
- "url" : "https://bugs.launchpad.net/apport/+bug/1648806"
- },
- {
- "name" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
- "refsource" : "MISC",
- "url" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
- },
- {
- "name" : "https://github.com/DonnchaC/ubuntu-apport-exploitation",
- "refsource" : "MISC",
- "url" : "https://github.com/DonnchaC/ubuntu-apport-exploitation"
- },
- {
- "name" : "USN-3157-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-3157-1"
- },
- {
- "name" : "95011",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95011"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a \"{\". This allows remote attackers to execute arbitrary Python code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
+ "refsource": "MISC",
+ "url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
+ },
+ {
+ "name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
+ "refsource": "MISC",
+ "url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
+ },
+ {
+ "name": "https://bugs.launchpad.net/apport/+bug/1648806",
+ "refsource": "MISC",
+ "url": "https://bugs.launchpad.net/apport/+bug/1648806"
+ },
+ {
+ "name": "95011",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95011"
+ },
+ {
+ "name": "USN-3157-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-3157-1"
+ },
+ {
+ "name": "40937",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/40937/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2247.json b/2019/2xxx/CVE-2019-2247.json
index d094d9b7448..17e8597abca 100644
--- a/2019/2xxx/CVE-2019-2247.json
+++ b/2019/2xxx/CVE-2019-2247.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2247",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2247",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2763.json b/2019/2xxx/CVE-2019-2763.json
index 5bfe960c446..4eca8fd8b8b 100644
--- a/2019/2xxx/CVE-2019-2763.json
+++ b/2019/2xxx/CVE-2019-2763.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2763",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2763",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2833.json b/2019/2xxx/CVE-2019-2833.json
index 9d17670bd62..0f76d73dd20 100644
--- a/2019/2xxx/CVE-2019-2833.json
+++ b/2019/2xxx/CVE-2019-2833.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2833",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2833",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6070.json b/2019/6xxx/CVE-2019-6070.json
index 7b53e9a88de..24293c4a323 100644
--- a/2019/6xxx/CVE-2019-6070.json
+++ b/2019/6xxx/CVE-2019-6070.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6070",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6070",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6311.json b/2019/6xxx/CVE-2019-6311.json
index 6584a33cbbe..8fa80d4d8cf 100644
--- a/2019/6xxx/CVE-2019-6311.json
+++ b/2019/6xxx/CVE-2019-6311.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6311",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6311",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6685.json b/2019/6xxx/CVE-2019-6685.json
index 2e64d0cfa3c..7115e46d873 100644
--- a/2019/6xxx/CVE-2019-6685.json
+++ b/2019/6xxx/CVE-2019-6685.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6685",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6685",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7380.json b/2019/7xxx/CVE-2019-7380.json
index 36c63d0294f..3f9fb1381ab 100644
--- a/2019/7xxx/CVE-2019-7380.json
+++ b/2019/7xxx/CVE-2019-7380.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7380",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7380",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7889.json b/2019/7xxx/CVE-2019-7889.json
index 0f8a3edd34d..39d719f945e 100644
--- a/2019/7xxx/CVE-2019-7889.json
+++ b/2019/7xxx/CVE-2019-7889.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7889",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7889",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file