From 2682e90a639592a7cb88f5fd6e59606f75a12000 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 01:26:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1179.json | 34 ++-- 2006/1xxx/CVE-2006-1333.json | 220 +++++++++++------------ 2006/5xxx/CVE-2006-5044.json | 130 +++++++------- 2006/5xxx/CVE-2006-5084.json | 190 ++++++++++---------- 2006/5xxx/CVE-2006-5206.json | 150 ++++++++-------- 2006/5xxx/CVE-2006-5388.json | 140 +++++++-------- 2006/5xxx/CVE-2006-5955.json | 170 +++++++++--------- 2006/5xxx/CVE-2006-5966.json | 180 +++++++++---------- 2007/2xxx/CVE-2007-2433.json | 150 ++++++++-------- 2007/2xxx/CVE-2007-2822.json | 170 +++++++++--------- 2007/2xxx/CVE-2007-2853.json | 140 +++++++-------- 2007/2xxx/CVE-2007-2932.json | 160 ++++++++--------- 2007/2xxx/CVE-2007-2952.json | 230 ++++++++++++------------ 2007/2xxx/CVE-2007-2958.json | 250 +++++++++++++------------- 2007/6xxx/CVE-2007-6070.json | 34 ++-- 2010/0xxx/CVE-2010-0185.json | 190 ++++++++++---------- 2010/0xxx/CVE-2010-0769.json | 140 +++++++-------- 2010/0xxx/CVE-2010-0932.json | 130 +++++++------- 2010/0xxx/CVE-2010-0943.json | 160 ++++++++--------- 2010/0xxx/CVE-2010-0962.json | 160 ++++++++--------- 2010/1xxx/CVE-2010-1208.json | 170 +++++++++--------- 2010/1xxx/CVE-2010-1223.json | 180 +++++++++---------- 2010/1xxx/CVE-2010-1353.json | 170 +++++++++--------- 2010/1xxx/CVE-2010-1861.json | 120 ++++++------- 2010/4xxx/CVE-2010-4467.json | 230 ++++++++++++------------ 2010/4xxx/CVE-2010-4987.json | 150 ++++++++-------- 2010/5xxx/CVE-2010-5163.json | 200 ++++++++++----------- 2010/5xxx/CVE-2010-5287.json | 150 ++++++++-------- 2014/0xxx/CVE-2014-0418.json | 260 +++++++++++++-------------- 2014/0xxx/CVE-2014-0764.json | 130 +++++++------- 2014/0xxx/CVE-2014-0846.json | 140 +++++++-------- 2014/0xxx/CVE-2014-0854.json | 130 +++++++------- 2014/0xxx/CVE-2014-0883.json | 120 ++++++------- 2014/0xxx/CVE-2014-0999.json | 160 ++++++++--------- 2014/1xxx/CVE-2014-1555.json | 290 +++++++++++++++--------------- 2014/1xxx/CVE-2014-1641.json | 34 ++-- 
2014/4xxx/CVE-2014-4098.json | 150 ++++++++-------- 2014/4xxx/CVE-2014-4367.json | 170 +++++++++--------- 2014/4xxx/CVE-2014-4589.json | 130 +++++++------- 2014/4xxx/CVE-2014-4685.json | 120 ++++++------- 2014/4xxx/CVE-2014-4983.json | 34 ++-- 2014/9xxx/CVE-2014-9364.json | 130 +++++++------- 2016/3xxx/CVE-2016-3331.json | 160 ++++++++--------- 2016/3xxx/CVE-2016-3373.json | 150 ++++++++-------- 2016/3xxx/CVE-2016-3893.json | 150 ++++++++-------- 2016/7xxx/CVE-2016-7274.json | 150 ++++++++-------- 2016/7xxx/CVE-2016-7394.json | 120 ++++++------- 2016/7xxx/CVE-2016-7566.json | 34 ++-- 2016/7xxx/CVE-2016-7754.json | 34 ++-- 2016/7xxx/CVE-2016-7780.json | 150 ++++++++-------- 2016/8xxx/CVE-2016-8064.json | 34 ++-- 2016/8xxx/CVE-2016-8353.json | 130 +++++++------- 2016/8xxx/CVE-2016-8749.json | 178 +++++++++--------- 2016/8xxx/CVE-2016-8831.json | 34 ++-- 2016/8xxx/CVE-2016-8990.json | 34 ++-- 2016/9xxx/CVE-2016-9014.json | 180 +++++++++---------- 2016/9xxx/CVE-2016-9555.json | 340 +++++++++++++++++------------------ 2016/9xxx/CVE-2016-9671.json | 34 ++-- 2019/2xxx/CVE-2019-2402.json | 132 +++++++------- 2019/2xxx/CVE-2019-2613.json | 34 ++-- 60 files changed, 4287 insertions(+), 4287 deletions(-)
diff --git a/2006/1xxx/CVE-2006-1179.json b/2006/1xxx/CVE-2006-1179.json
index 5e75b323b52..3094ef33cda 100644
--- a/2006/1xxx/CVE-2006-1179.json
+++ b/2006/1xxx/CVE-2006-1179.json
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1179", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1333.json b/2006/1xxx/CVE-2006-1333.json index 8ac2e7bd639..d03ae95e2b2 100644 --- a/2006/1xxx/CVE-2006-1333.json +++ b/2006/1xxx/CVE-2006-1333.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060318 Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL InjectionVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428082" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=20", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=20" - }, - { - "name" : "http://blog.betaparticle.com/UserFiles/File/6fix.txt", - "refsource" : "CONFIRM", - "url" : "http://blog.betaparticle.com/UserFiles/File/6fix.txt" - }, - { - "name" : "17148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17148" - }, - { - "name" : "ADV-2006-1000", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1000" - }, - { - "name" : "23965", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23965" - }, - { - "name" : "23966", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23966" - }, - { - "name" : "1015788", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015788" - }, - { - "name" : "19292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19292" - }, - { - "name" : "600", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/600" - }, - { - "name" : "bpblog-multiple-sql-injection(25327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23966", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23966" + }, + { + "name": "20060318 Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL InjectionVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428082" + }, + { + "name": "ADV-2006-1000", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1000" + }, + { + "name": "http://www.nukedx.com/?viewdoc=20", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=20" + }, + { + "name": "bpblog-multiple-sql-injection(25327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25327" + }, + { + "name": "19292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19292" + }, + { + "name": "600", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/600" + }, + { + "name": "http://blog.betaparticle.com/UserFiles/File/6fix.txt", + "refsource": "CONFIRM", + "url": "http://blog.betaparticle.com/UserFiles/File/6fix.txt" + }, + { + "name": "17148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17148" + }, + { + "name": "1015788", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015788" + }, + { + "name": "23965", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23965" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5044.json b/2006/5xxx/CVE-2006-5044.json index 369d3b72ab9..0bdd7006bc5 100644 --- a/2006/5xxx/CVE-2006-5044.json +++ b/2006/5xxx/CVE-2006-5044.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.joomla.org/index.php/topic,79477.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,79477.0.html" - }, - { - "name" : "http://www.princeclan.org", - "refsource" : "CONFIRM", - "url" : "http://www.princeclan.org" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.joomla.org/index.php/topic,79477.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,79477.0.html" + }, + { + "name": "http://www.princeclan.org", + "refsource": "CONFIRM", + "url": "http://www.princeclan.org" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5084.json b/2006/5xxx/CVE-2006-5084.json index 40872fac475..69e9c32b710 100644 --- a/2006/5xxx/CVE-2006-5084.json +++ b/2006/5xxx/CVE-2006-5084.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security-protocols.com/vids/skype_osx_0day.htm", - "refsource" : "MISC", - "url" : "http://security-protocols.com/vids/skype_osx_0day.htm" - }, - { - "name" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3259", - "refsource" : "MISC", - "url" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3259" - }, - { - "name" : "http://www.skype.com/security/skype-sb-2006-002.html", - "refsource" : "CONFIRM", - "url" : "http://www.skype.com/security/skype-sb-2006-002.html" - }, - { - "name" : "VU#202604", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/202604" - }, - { - "name" : "20218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20218" - }, - { - "name" : "ADV-2006-3895", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3895" - }, - { - "name" : "1016966", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016966" - }, - { - "name" : "22185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22185/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#202604", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/202604" + }, + { + "name": "22185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22185/" + }, + { + "name": "ADV-2006-3895", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3895" + }, + { + "name": "1016966", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016966" + }, + { + "name": "20218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20218" + }, + { + "name": "http://security-protocols.com/vids/skype_osx_0day.htm", + "refsource": "MISC", + "url": "http://security-protocols.com/vids/skype_osx_0day.htm" + }, + { + "name": "http://www.skype.com/security/skype-sb-2006-002.html", + "refsource": "CONFIRM", + "url": "http://www.skype.com/security/skype-sb-2006-002.html" + }, + { + 
"name": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3259", + "refsource": "MISC", + "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=3259" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5206.json b/2006/5xxx/CVE-2006-5206.json index 6771c67fe4d..b55f788cc71 100644 --- a/2006/5xxx/CVE-2006-5206.json +++ b/2006/5xxx/CVE-2006-5206.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2473", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2473" - }, - { - "name" : "20327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20327" - }, - { - "name" : "22400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22400" - }, - { - "name" : "invisiongallery-index-sql-injection(29333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Invision Gallery 2.0.7 allows 
remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2473", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2473" + }, + { + "name": "22400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22400" + }, + { + "name": "20327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20327" + }, + { + "name": "invisiongallery-index-sql-injection(29333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29333" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5388.json b/2006/5xxx/CVE-2006-5388.json index 5ce667ceab0..4d9ef63a3c8 100644 --- a/2006/5xxx/CVE-2006-5388.json +++ b/2006/5xxx/CVE-2006-5388.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2568", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2568" - }, - { - "name" : "20540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20540" - }, - { - "name" : "webspell-index-sql-injection(29563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2568", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2568" + }, + { + "name": "webspell-index-sql-injection(29563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29563" + }, + { + "name": "20540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20540" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5955.json b/2006/5xxx/CVE-2006-5955.json index 65ca73ae463..fbc9c75812a 100644 --- a/2006/5xxx/CVE-2006-5955.json +++ b/2006/5xxx/CVE-2006-5955.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 Real Estate Listing System SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451503/100/200/threaded" - }, - { - "name" : "http://aria-security.net/advisory/Real%20Estate%20Listing%20System.txt", - "refsource" : "MISC", - "url" : "http://aria-security.net/advisory/Real%20Estate%20Listing%20System.txt" - }, - { - "name" : "21109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21109" - }, - { - "name" : "ADV-2006-4526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4526" - }, - { - "name" : "22894", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22894" - }, - { - "name" : "relistingsystem-listings-sql-injection(30258)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aria-security.net/advisory/Real%20Estate%20Listing%20System.txt", + "refsource": "MISC", + "url": "http://aria-security.net/advisory/Real%20Estate%20Listing%20System.txt" + }, + { + "name": "ADV-2006-4526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4526" + }, + { + "name": "21109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21109" + }, + { + "name": "20061113 Real Estate Listing System SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451503/100/200/threaded" + }, + { + "name": "22894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22894" + }, + { + "name": "relistingsystem-listings-sql-injection(30258)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30258" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5966.json b/2006/5xxx/CVE-2006-5966.json index 1daf9ea40c8..40456b938d1 100644 --- a/2006/5xxx/CVE-2006-5966.json +++ b/2006/5xxx/CVE-2006-5966.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-5966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061116 Secunia Research: Panda ActiveScan Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451864/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-64/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-64/advisory/" - }, - { - "name" : "21132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21132" - }, - { - "name" : "ADV-2006-4536", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4536" - }, - { - "name" : "21763", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/21763" - }, - { - "name" : "pandaactivescan-activescan-dos(30317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30317" - }, - { - "name" : "pandaactivescan-pavpz-info-disclosure(30318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pandaactivescan-pavpz-info-disclosure(30318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30318" + }, + { + "name": "21763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21763" + }, + { + "name": "21132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21132" + }, + { + "name": "http://secunia.com/secunia_research/2006-64/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-64/advisory/" + }, + { + "name": "ADV-2006-4536", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4536" + }, + { + "name": "20061116 Secunia Research: Panda ActiveScan Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451864/100/0/threaded" + }, + { + "name": "pandaactivescan-activescan-dos(30317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30317" 
+ } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2433.json b/2007/2xxx/CVE-2007-2433.json index 96e018c1a59..cd9dfaf2a55 100644 --- a/2007/2xxx/CVE-2007-2433.json +++ b/2007/2xxx/CVE-2007-2433.json 
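Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2006-5966 changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this hunk, and the commit record ("-Synchronized-Data.") does not mention it. As far as the visible lines show, it is the only field whose value changes; the other lines differ only in colon spacing and in the order of the `reference_data` entries, which hold the same seven references before and after. A consumer that tracks record provenance by assigner could easily miss the reassignment among that formatting churn. I would name assigner changes in the commit message or land them separately from formatting syncs, and emit `reference_data` in a stable order so that real value changes stand out in the diff.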
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23735" - }, - { - "name" : "35493", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35493" - }, - { - "name" : "25090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25090" - }, - { - "name" : "ariadne-index-xss(33987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in 
Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ariadne-index-xss(33987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33987" + }, + { + "name": "35493", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35493" + }, + { + "name": "25090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25090" + }, + { + "name": "23735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23735" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2822.json b/2007/2xxx/CVE-2007-2822.json index 6ece73623dd..814e07326b9 100644 --- a/2007/2xxx/CVE-2007-2822.json +++ b/2007/2xxx/CVE-2007-2822.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3963", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3963" - }, - { - "name" : "http://www.wavelinkmedia.com/scripts/tutorialcms/", - "refsource" : "CONFIRM", - "url" : "http://www.wavelinkmedia.com/scripts/tutorialcms/" - }, - { - "name" : "ADV-2007-1903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1903" - }, - { - "name" : "36520", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36520" - }, - { - "name" : "25358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25358" - }, - { - "name" : "tutorialcms-multiple-security-bypass(34401)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25358" + }, + { + "name": "3963", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3963" + }, + { + "name": "http://www.wavelinkmedia.com/scripts/tutorialcms/", + "refsource": "CONFIRM", + "url": "http://www.wavelinkmedia.com/scripts/tutorialcms/" + }, + { + "name": "36520", + "refsource": "OSVDB", + "url": "http://osvdb.org/36520" + }, + { + "name": "tutorialcms-multiple-security-bypass(34401)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34401" + }, + { + "name": "ADV-2007-1903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1903" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2853.json b/2007/2xxx/CVE-2007-2853.json index dcc2c54d00f..2d1a6590745 100644 --- a/2007/2xxx/CVE-2007-2853.json +++ b/2007/2xxx/CVE-2007-2853.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3967", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3967" - }, - { - "name" : "24087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24087" - }, - { - "name" : "38099", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3967", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3967" + }, + { + "name": "24087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24087" + }, + { + "name": "38099", + "refsource": "OSVDB", + "url": "http://osvdb.org/38099" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2932.json b/2007/2xxx/CVE-2007-2932.json index 7c3adcb2a2a..701a1645da6 100644 --- a/2007/2xxx/CVE-2007-2932.json +++ b/2007/2xxx/CVE-2007-2932.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070525 BoastMachine index.php Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469590/100/0/threaded" - }, - { - "name" : "24156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24156" - }, - { - "name" : "38060", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38060" - }, - { - "name" : "2743", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2743" - }, - { - "name" : "boastmachine-index-xss(34509)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24156" + }, + { + "name": "boastmachine-index-xss(34509)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34509" + }, + { + "name": "20070525 BoastMachine index.php Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469590/100/0/threaded" + }, + { + "name": "2743", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2743" + }, + { + "name": "38060", + "refsource": "OSVDB", + "url": "http://osvdb.org/38060" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2952.json b/2007/2xxx/CVE-2007-2952.json index e921007cf3d..fcc8b94e517 100644 --- a/2007/2xxx/CVE-2007-2952.json +++ b/2007/2xxx/CVE-2007-2952.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-2952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080731 Secunia Research: Blue Coat K9 Web Protection \"Referer\" Header Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494975/100/0/threaded" - }, - { - "name" : "20080731 Secunia Research: Blue Coat K9 Web Protection Response Handling Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494984/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2007-61/advisory/", - "refsource" : "MISC", - "url" : 
"http://secunia.com/secunia_research/2007-61/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2007-64/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-64/advisory/" - }, - { - "name" : "30463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30463" - }, - { - "name" : "30464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30464" - }, - { - "name" : "ADV-2008-2263", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2263/references" - }, - { - "name" : "1020587", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020587" - }, - { - "name" : "1020588", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020588" - }, - { - "name" : "25813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25813" - }, - { - "name" : "bluecoat-k9-referer-bo(44123)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44123" - }, - { - "name" : "bluecoat-k9-version-bo(44124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080731 Secunia Research: Blue Coat K9 Web Protection \"Referer\" Header Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494975/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2007-61/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-61/advisory/" + }, + { + "name": "bluecoat-k9-referer-bo(44123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44123" + }, + { + "name": "30463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30463" + }, + { + "name": "30464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30464" + }, + { + "name": "1020587", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020587" + }, + { + "name": "http://secunia.com/secunia_research/2007-64/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-64/advisory/" + }, + { + "name": "ADV-2008-2263", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2263/references" + }, + { + "name": "1020588", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020588" + }, + { + "name": "25813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25813" + }, + { + "name": "bluecoat-k9-version-bo(44124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44124" + }, + { + "name": "20080731 Secunia Research: Blue Coat K9 Web Protection Response Handling Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494984/100/0/threaded" + } + ] + } +} \ No newline at end of file 
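Review bot: The `CVE_data_meta.ASSIGNER` line at the top of this hunk is a provenance change, from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com`, and the commit subject ("-Synchronized-Data.") does not record it. As far as the visible lines show, the rest of the hunk differs only in `"key" :` versus `"key":` spacing, the order of the `reference_data` entries, and the lost trailing newline. The same kind of change appears in the CVE-2007-2958 hunk (same new value) and the CVE-2010-0185 hunk (`psirt@adobe.com`). I would land assigner changes separately from the formatting pass, or at least list the affected IDs in the commit message. Anyone auditing this sync should compare the parsed JSON of the old and new files rather than the text diff, so that a field change like this one is not lost in the whitespace churn.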
diff --git a/2007/2xxx/CVE-2007-2958.json b/2007/2xxx/CVE-2007-2958.json index 9cdc6c27f5a..41c660cdc32 100644 --- a/2007/2xxx/CVE-2007-2958.json +++ b/2007/2xxx/CVE-2007-2958.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-2958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2007-70/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-70/advisory/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=254121", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=254121" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=190104", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=190104" - }, - { - "name" : "FEDORA-2007-2009", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html" - }, - { - "name" : "GLSA-200710-29", - 
"refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-29.xml" - }, - { - "name" : "SUSE-SR:2007:020", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_20_sr.html" - }, - { - "name" : "25430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25430" - }, - { - "name" : "ADV-2007-2971", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2971" - }, - { - "name" : "40184", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40184" - }, - { - "name" : "26550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26550" - }, - { - "name" : "26610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26610" - }, - { - "name" : "27379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27379" - }, - { - "name" : "27229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27229" - }, - { - "name" : "sylpheed-incputerror-format-string(36238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26550" + }, + { + "name": "ADV-2007-2971", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2971" + }, + { + "name": "26610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26610" + }, + { + "name": "http://secunia.com/secunia_research/2007-70/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-70/advisory/" + }, + { + "name": "40184", + "refsource": "OSVDB", + "url": "http://osvdb.org/40184" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=254121", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=254121" + }, + { + "name": "27229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27229" + }, + { + "name": "27379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27379" + }, + { + "name": "sylpheed-incputerror-format-string(36238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36238" + }, + { + "name": "FEDORA-2007-2009", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html" + }, + { + "name": "GLSA-200710-29", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-29.xml" + }, + { + "name": "25430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25430" + }, + { + "name": "SUSE-SR:2007:020", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=190104", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=190104" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/6xxx/CVE-2007-6070.json b/2007/6xxx/CVE-2007-6070.json index 634b828ac6e..62936f29abc 100644 --- a/2007/6xxx/CVE-2007-6070.json +++ b/2007/6xxx/CVE-2007-6070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6070", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6070", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0185.json b/2010/0xxx/CVE-2010-0185.json index 24ef2df4aa3..d9588ac085e 100644 --- a/2010/0xxx/CVE-2010-0185.json +++ b/2010/0xxx/CVE-2010-0185.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb2.adobe.com/cps/807/cpsid_80719.html", - "refsource" : "CONFIRM", - "url" : "http://kb2.adobe.com/cps/807/cpsid_80719.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-04.html" - }, - { - "name" : "38007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38007" - }, - { - "name" : "62037", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62037" - }, - { - "name" : "1023519", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023519" - }, - { - "name" : "38387", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38387" - }, - { - "name" : "ADV-2010-0259", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0259" - }, - { - "name" : "coldfusion-solr-information-disclosure(55997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38007" + }, + { + "name": "ADV-2010-0259", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0259" + }, + { + "name": "1023519", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023519" + }, + { + "name": "coldfusion-solr-information-disclosure(55997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55997" + }, + { + "name": "38387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38387" + }, + { + "name": "http://kb2.adobe.com/cps/807/cpsid_80719.html", + "refsource": "CONFIRM", + "url": "http://kb2.adobe.com/cps/807/cpsid_80719.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-04.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-04.html" + }, + { + "name": "62037", + "refsource": "OSVDB", + "url": "http://osvdb.org/62037" + } + ] + } 
+} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0769.json b/2010/0xxx/CVE-2010-0769.json index 099a80ba464..3524a987fe6 100644 --- a/2010/0xxx/CVE-2010-0769.json +++ b/2010/0xxx/CVE-2010-0769.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK95089", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK95089" - }, - { - "name" : "39140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39140" - }, - { - "name" : "was-wsadmin-info-disclosure(57185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 
7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "was-wsadmin-info-disclosure(57185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57185" + }, + { + "name": "PK95089", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK95089" + }, + { + "name": "39140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39140" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0932.json b/2010/0xxx/CVE-2010-0932.json index d87206e89c2..d04b09b36d9 100644 --- a/2010/0xxx/CVE-2010-0932.json +++ b/2010/0xxx/CVE-2010-0932.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20100304 Perforce", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html" - }, - { - "name" : "36261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36261" + }, + { + "name": "[dailydave] 20100304 Perforce", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0943.json b/2010/0xxx/CVE-2010-0943.json index 6f78d4803c4..dbffe251840 100644 --- a/2010/0xxx/CVE-2010-0943.json +++ b/2010/0xxx/CVE-2010-0943.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/joomlajashowcase-traversal.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/joomlajashowcase-traversal.txt" - }, - { - "name" : "11090", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11090" - }, - { - "name" : "37692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37692" - }, - { - "name" : "33486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33486" - }, - { - "name" : "jashowcase-index-directory-traversal(55512)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55512" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11090", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11090" + }, + { + "name": "33486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33486" + }, + { + "name": "37692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37692" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/joomlajashowcase-traversal.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/joomlajashowcase-traversal.txt" + }, + { + "name": "jashowcase-index-directory-traversal(55512)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55512" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0962.json b/2010/0xxx/CVE-2010-0962.json index e814bc1640a..a6b6ea480c4 100644 --- a/2010/0xxx/CVE-2010-0962.json +++ b/2010/0xxx/CVE-2010-0962.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509867/100/0/threaded" - }, - { - "name" : "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509974/100/0/threaded" - }, - { - "name" : "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass", - "refsource" : "FULLDISC", - "url" : 
"http://seclists.org/fulldisclosure/2010/Mar/106" - }, - { - "name" : "38543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38543" - }, - { - "name" : "apple-ftpproxy-security-bypass(56701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apple-ftpproxy-security-bypass(56701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701" + }, + { + "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded" + }, + { + "name": "38543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38543" + }, + { + "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Mar/106" + }, + { + "name": "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/1xxx/CVE-2010-1208.json b/2010/1xxx/CVE-2010-1208.json index 2f814914a21..32483bedb55 100644 --- a/2010/1xxx/CVE-2010-1208.json +++ b/2010/1xxx/CVE-2010-1208.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100721 ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512515" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-134/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-134/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html" - }, - { - "name" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=572986", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=572986" - }, - { - "name" : "41849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41849" - }, - { - "name" : "oval:org.mitre.oval:def:11740", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11740", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-134/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-134/" + }, + { + "name": "41849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41849" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=572986", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=572986" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-35.html" + }, + { + "name": "20100721 ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution 
Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512515" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1223.json b/2010/1xxx/CVE-2010-1223.json index 4a442be5719..c2f177caecd 100644 --- a/2010/1xxx/CVE-2010-1223.json +++ b/2010/1xxx/CVE-2010-1223.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100406 CA20100406-01: Security Notice for CA XOsoft", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510564/100/0/threaded" - }, - { - "name" : "20100406 ZDI-10-065: CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510565/100/0/threaded" - }, - { - "name" : "20100406 ZDI-10-066: CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510567/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-065/", - "refsource" : "MISC", - 
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-065/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-066/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-066/" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869" - }, - { - "name" : "39238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39238" + }, + { + "name": "20100406 CA20100406-01: Security Notice for CA XOsoft", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510564/100/0/threaded" + }, + { + "name": "20100406 ZDI-10-065: CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510565/100/0/threaded" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-065/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-065/" + }, + 
{ + "name": "20100406 ZDI-10-066: CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510567/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-066/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-066/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1353.json b/2010/1xxx/CVE-2010-1353.json index 5d9e7d72629..d2f1fec569c 100644 --- a/2010/1xxx/CVE-2010-1353.json +++ b/2010/1xxx/CVE-2010-1353.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlaloginbox-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlaloginbox-lfi.txt" - }, - { - "name" : "12068", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12068" - }, - { - "name" : "39212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39212" - }, - { - "name" : "39349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39349" - }, - { - "name" : "ADV-2010-0808", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0808" - }, - { - "name" : "comloginbox-view-file-include(57533)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/57533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "comloginbox-view-file-include(57533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57533" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlaloginbox-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlaloginbox-lfi.txt" + }, + { + "name": "39212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39212" + }, + { + "name": "12068", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12068" + }, + { + "name": "ADV-2010-0808", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0808" + }, + { + "name": "39349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39349" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1861.json b/2010/1xxx/CVE-2010-1861.json index d76d9f248c5..fc80ccecaa0 100644 --- a/2010/1xxx/CVE-2010-1861.json +++ b/2010/1xxx/CVE-2010-1861.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/05/mops-2010-009-php-shm_put_var-already-freed-resource-access-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/05/mops-2010-009-php-shm_put_var-already-freed-resource-access-vulnerability/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to 
interrupt an internal call to the shm_put_var function, which triggers access of a freed resource." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://php-security.org/2010/05/05/mops-2010-009-php-shm_put_var-already-freed-resource-access-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/05/mops-2010-009-php-shm_put_var-already-freed-resource-access-vulnerability/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4467.json b/2010/4xxx/CVE-2010-4467.json index e9af1c9d505..1b8afaeb113 100644 --- a/2010/4xxx/CVE-2010-4467.json +++ b/2010/4xxx/CVE-2010-4467.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-4467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - 
"refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:0282", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html" - }, - { - "name" : "RHSA-2011:0880", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" - }, - { - "name" : "46395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46395" - }, - { - "name" : "oval:org.mitre.oval:def:12269", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12269" - }, - { - "name" : "oval:org.mitre.oval:def:14384", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14384" - }, - { - "name" : "44954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44954" - }, - { - "name" : "oracle-runtime-deployment-code-exec(65398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "oracle-runtime-deployment-code-exec(65398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65398" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" + }, + { + "name": "44954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44954" + }, + { + "name": "RHSA-2011:0880", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" + }, + { + "name": "46395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46395" + }, + { + "name": "RHSA-2011:0282", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html" + }, + { + "name": "oval:org.mitre.oval:def:14384", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14384" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "oval:org.mitre.oval:def:12269", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12269" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4987.json b/2010/4xxx/CVE-2010-4987.json index cee412b2434..c106c87364c 100644 
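Review bot: `"ASSIGNER"` for CVE-2010-4467 changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk, the only value change I can see among the spacing and ordering changes, and the commit subject "-Synchronized-Data." does not mention it. Anything that attributes or filters records by assigner will treat this record differently after the sync, so the reassignment deserves a line in the commit description or a commit separate from the formatting pass. The references appear to be the same twelve entries reordered, but that is hard to confirm by eye with every line rewritten.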
--- a/2010/4xxx/CVE-2010-4987.json +++ b/2010/4xxx/CVE-2010-4987.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14281", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14281" - }, - { - "name" : "41491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41491" - }, - { - "name" : "ADV-2010-1768", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1768" - }, - { - "name" : "kmsoft-guestbook-default-sql-injection(60198)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary 
SQL commands via the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1768", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1768" + }, + { + "name": "kmsoft-guestbook-default-sql-injection(60198)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60198" + }, + { + "name": "41491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41491" + }, + { + "name": "14281", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14281" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5163.json b/2010/5xxx/CVE-2010-5163.json index 88548c3deb7..6a70ce3faed 100644 --- a/2010/5xxx/CVE-2010-5163.json +++ b/2010/5xxx/CVE-2010-5163.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : 
"39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": 
"http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5287.json b/2010/5xxx/CVE-2010-5287.json index 5a190fb224f..753f211a61d 100644 --- a/2010/5xxx/CVE-2010-5287.json +++ b/2010/5xxx/CVE-2010-5287.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18319", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18319" - }, - { - "name" : "13980", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13980" - }, - { - "name" : "41042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41042" - }, - { - "name" : "cornerstonecms-default-sql-injection(59668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute 
arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18319", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18319" + }, + { + "name": "13980", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13980" + }, + { + "name": "41042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41042" + }, + { + "name": "cornerstonecms-default-sql-injection(59668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59668" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0418.json b/2014/0xxx/CVE-2014-0418.json index cc9c5c2bffc..837931a043c 100644 --- a/2014/0xxx/CVE-2014-0418.json +++ b/2014/0xxx/CVE-2014-0418.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64917" - }, - { - "name" : "102012", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102012" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - }, - { - "name" : "oracle-cpujan2014-cve20140418(90344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "64917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64917" + }, + { + "name": "oracle-cpujan2014-cve20140418(90344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90344" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "102012", + "refsource": "OSVDB", + "url": "http://osvdb.org/102012" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0764.json b/2014/0xxx/CVE-2014-0764.json index f5603d231aa..8b040a76f26 100644 --- a/2014/0xxx/CVE-2014-0764.json +++ b/2014/0xxx/CVE-2014-0764.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" - }, - { - "name" : "66718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" + }, + { + "name": "66718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66718" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0846.json b/2014/0xxx/CVE-2014-0846.json index 73b2be0b9b3..4ba6d404c29 100644 --- a/2014/0xxx/CVE-2014-0846.json +++ b/2014/0xxx/CVE-2014-0846.json 
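Review bot: The only field whose value changes in this CVE-2014-0764 hunk is `"ASSIGNER"`, which moves from `cve@mitre.org` to `ics-cert@hq.dhs.gov`, but it is buried in a rewrite of nearly every line that only changes the key separator from `" : "` to `": "`. Anyone auditing record provenance from the text diff can easily miss the attribution change; keeping the existing separator style would reduce the hunk to the single line `"ASSIGNER": "ics-cert@hq.dhs.gov",`. The same applies to the ASSIGNER changes in the CVE-2014-0418, CVE-2014-0846, CVE-2014-0854 and CVE-2014-0883 hunks of this commit. The new side also ends at `}` with `\ No newline at end of file`, whereas the old side carried no such marker, so I would keep the final newline.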
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21664412", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21664412" - }, - { - "name" : "65917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65917" - }, - { - "name" : "ibm-rrc-cve20140846-xss(90720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Requirements 
Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664412", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664412" + }, + { + "name": "ibm-rrc-cve20140846-xss(90720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90720" + }, + { + "name": "65917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65917" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0854.json b/2014/0xxx/CVE-2014-0854.json index ed2b2de2bcc..84c1c5df6fb 100644 --- a/2014/0xxx/CVE-2014-0854.json +++ b/2014/0xxx/CVE-2014-0854.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662856", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662856" - }, - { - "name" : "ibm-cognos-cve20140854-xxe(90794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 
before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-cognos-cve20140854-xxe(90794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90794" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0883.json b/2014/0xxx/CVE-2014-0883.json index 1b9740d4823..6d1a53d5714 100644 --- a/2014/0xxx/CVE-2014-0883.json +++ b/2014/0xxx/CVE-2014-0883.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user name on the logon screen. IBM X-Force ID: 91163." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1019972", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1019972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user name on the logon screen. 
IBM X-Force ID: 91163." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1019972", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1019972" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0999.json b/2014/0xxx/CVE-2014-0999.json index 65da6745c9d..78fbd6bed4f 100644 --- a/2014/0xxx/CVE-2014-0999.json +++ b/2014/0xxx/CVE-2014-0999.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535592/100/0/threaded" - }, - { - "name" : "37114", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/37114" - }, - { - "name" : "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/95" - }, - { - "name" : "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html" - }, - { 
- "name" : "http://www.sendio.com/software-release-history/", - "refsource" : "CONFIRM", - "url" : "http://www.sendio.com/software-release-history/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/95" + }, + { + "name": "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html" + }, + { + "name": "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535592/100/0/threaded" + }, + { + "name": "http://www.sendio.com/software-release-history/", + "refsource": "CONFIRM", + "url": "http://www.sendio.com/software-release-history/" + }, + { + "name": "37114", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/37114" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1555.json b/2014/1xxx/CVE-2014-1555.json index 40a1ecfcb03..fbae1d1bb91 100644 --- a/2014/1xxx/CVE-2014-1555.json +++ b/2014/1xxx/CVE-2014-1555.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-61.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-61.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1023121", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1023121" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0918.html", - "refsource" : "CONFIRM", - 
"url" : "http://linux.oracle.com/errata/ELSA-2014-0918.html" - }, - { - "name" : "DSA-2986", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2986" - }, - { - "name" : "DSA-2996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2996" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "68814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68814" - }, - { - "name" : "1030619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030619" - }, - { - "name" : "1030620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030620" - }, - { - "name" : "59591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59591" - }, - { - "name" : "59719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59719" - }, - { - "name" : "59760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59760" - }, - { - "name" : "60306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60306" - }, - { - "name" : "60486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60486" - }, - { - "name" : "60621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60621" - }, - { - "name" : "60628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60628" - }, - { - "name" : "60083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange 
event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68814" + }, + { + "name": "59719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59719" + }, + { + "name": "60083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60083" + }, + { + "name": "60621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60621" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "60306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60306" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0918.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0918.html" + }, + { + "name": "1030620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030620" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-61.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-61.html" + }, + { + "name": "DSA-2996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2996" + }, + { + "name": "1030619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030619" + }, + { + "name": "60486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60486" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1023121", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1023121" + }, + { + "name": "60628", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60628" + }, + { + "name": "DSA-2986", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2986" + }, + { + "name": "59760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59760" + }, + { + "name": "59591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59591" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1641.json b/2014/1xxx/CVE-2014-1641.json index 052063cb0fd..f1c8d9f6b90 100644 --- a/2014/1xxx/CVE-2014-1641.json +++ b/2014/1xxx/CVE-2014-1641.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1641", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1641", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4098.json b/2014/4xxx/CVE-2014-4098.json index 5e397af9d46..7c0ebb24b63 100644 --- a/2014/4xxx/CVE-2014-4098.json +++ b/2014/4xxx/CVE-2014-4098.json 
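Review bot: The `ASSIGNER` value in the CVE-2014-1555 hunk changes from `cve@mitre.org` to `security@mozilla.org`, and that is the only semantic edit in a hunk that otherwise re-indents every line and reorders `reference_data`. The same applies to the hunks for CVE-2014-4098, CVE-2016-3331 and CVE-2016-3373 (`secure@microsoft.com`), CVE-2014-4367 (`product-security@apple.com`) and CVE-2016-3893 (`security@android.com`). Consumers that attribute or filter records by `ASSIGNER` will see these entries as reassigned, while the commit subject says only "-Synchronized-Data." and gives no hint of it. Landing the attribution change separately from the formatting pass, or at least naming it in the commit message, would let downstream users verify it against the CNA list instead of finding it inside a whitespace diff.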
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4092." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69606" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144098-code-exec(95528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4092." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ms-ie-cve20144098-code-exec(95528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95528" + }, + { + "name": "69606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69606" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4367.json b/2014/4xxx/CVE-2014-4367.json index 258f83f110c..1e2713019a0 100644 --- a/2014/4xxx/CVE-2014-4367.json +++ b/2014/4xxx/CVE-2014-4367.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "69882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69882" - }, - { - "name" : "69945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69945" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "appleios-cve20144367-sec-bypass(96091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96091" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "69882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69882" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "appleios-cve20144367-sec-bypass(96091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96091" + }, + { + "name": "69945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69945" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4589.json b/2014/4xxx/CVE-2014-4589.json index 6fc1fcfd86f..7728c6a35c2 100644 --- a/2014/4xxx/CVE-2014-4589.json +++ b/2014/4xxx/CVE-2014-4589.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss" - }, - { - "name" : "wp-mediaplayer-cve20144589-xss(94398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress 
allows remote attackers to inject arbitrary web script or HTML via the post_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss" + }, + { + "name": "wp-mediaplayer-cve20144589-xss(94398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94398" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4685.json b/2014/4xxx/CVE-2014-4685.json index bbc3b4e7aa1..c5b42a332db 100644 --- a/2014/4xxx/CVE-2014-4685.json +++ b/2014/4xxx/CVE-2014-4685.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4983.json b/2014/4xxx/CVE-2014-4983.json index a61951e8934..d0e88ffe875 100644 --- a/2014/4xxx/CVE-2014-4983.json +++ b/2014/4xxx/CVE-2014-4983.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4983", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4983", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9364.json b/2014/9xxx/CVE-2014-9364.json index 64b93488c0f..59588e03d58 100644 --- a/2014/9xxx/CVE-2014-9364.json +++ b/2014/9xxx/CVE-2014-9364.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2300369", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2300369" - }, - { - "name" : "https://www.drupal.org/node/2299467", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2299467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2300369", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2300369" + }, + { + "name": "https://www.drupal.org/node/2299467", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2299467" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3331.json b/2016/3xxx/CVE-2016-3331.json index 30d50a58984..483e5289fa6 100644 --- a/2016/3xxx/CVE-2016-3331.json +++ b/2016/3xxx/CVE-2016-3331.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-118", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118" - }, - { - "name" : "MS16-119", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119" - }, - { - "name" : "93387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93387" - }, - { - "name" : "1036992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036992" - }, - { - "name" : "1036993", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-119", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119" + }, + { + "name": "MS16-118", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118" + }, + { + "name": "1036993", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036993" + }, + { + "name": "1036992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036992" + }, + { + "name": "93387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93387" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3373.json b/2016/3xxx/CVE-2016-3373.json index 981a91fb83e..e3264ab5f46 100644 --- a/2016/3xxx/CVE-2016-3373.json +++ b/2016/3xxx/CVE-2016-3373.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to obtain sensitive account information via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40430", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40430/" - }, - { - "name" : "MS16-111", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" - }, - { - "name" : "92845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92845" - }, - { - "name" : "1036802", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036802" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to obtain sensitive account information via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-111", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111" + }, + { + "name": "1036802", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036802" + }, + { + "name": "92845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92845" + }, + { + "name": "40430", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40430/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3893.json b/2016/3xxx/CVE-2016-3893.json index 0badcdd1f8b..efa85c2e69f 100644 --- a/2016/3xxx/CVE-2016-3893.json +++ b/2016/3xxx/CVE-2016-3893.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-09-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-09-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7a6ddc91cce7ad5ad55c9709b24bfc80f5ac873", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7a6ddc91cce7ad5ad55c9709b24bfc80f5ac873" - }, - { - "name" : "92884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92884" - }, - { - "name" : "1036763", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-09-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-09-01.html" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + }, + { + "name": "92884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92884" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7a6ddc91cce7ad5ad55c9709b24bfc80f5ac873", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7a6ddc91cce7ad5ad55c9709b24bfc80f5ac873" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7274.json b/2016/7xxx/CVE-2016-7274.json index a168d1fcfe5..ddff4f58f39 100644 --- a/2016/7xxx/CVE-2016-7274.json +++ b/2016/7xxx/CVE-2016-7274.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Uniscribe Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41615", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41615/" - }, - { - "name" : "MS16-147", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147" - }, - { - "name" : "94758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94758" - }, - { - "name" : "1037440", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Uniscribe Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-147", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147" + }, + { + "name": "41615", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41615/" + }, + { + "name": "94758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94758" + }, + { + "name": "1037440", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037440" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7394.json b/2016/7xxx/CVE-2016-7394.json index f79181858ff..178d949a138 100644 --- a/2016/7xxx/CVE-2016-7394.json +++ b/2016/7xxx/CVE-2016-7394.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/tikiwiki/code/59653/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/tikiwiki/code/59653/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/tikiwiki/code/59653/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/tikiwiki/code/59653/" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/7xxx/CVE-2016-7566.json b/2016/7xxx/CVE-2016-7566.json index 0a14e218f87..5904ae6a358 100644 --- a/2016/7xxx/CVE-2016-7566.json +++ b/2016/7xxx/CVE-2016-7566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7754.json b/2016/7xxx/CVE-2016-7754.json index b2bb6a99326..585f3ef5289 100644 --- a/2016/7xxx/CVE-2016-7754.json +++ b/2016/7xxx/CVE-2016-7754.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7754", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7754", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7780.json b/2016/7xxx/CVE-2016-7780.json index 6af08a88cac..fd48a840a90 100644 --- a/2016/7xxx/CVE-2016-7780.json +++ b/2016/7xxx/CVE-2016-7780.json 
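Review bot: The rewritten REJECT record uses a different key order from the other records visible in this part of the commit: `data_type`, `data_format` and `data_version` now come first and `"ID"` precedes `"ASSIGNER"` inside `CVE_data_meta`, while the RESERVED record for CVE-2016-7566 just above keeps `CVE_data_meta` first with `"ASSIGNER"` before `"ID"`. The hunks for CVE-2016-8064 and CVE-2016-8831 have the same layout. Key order carries no meaning for a JSON parser, but it looks as if two templates or serializers are writing these files, and consumers that hash or byte-compare records will see REJECT entries as changed when no value differs. Writing every record through one serializer with the order used elsewhere here (`CVE_data_meta`, `data_format`, `data_type`, `data_version`, `description`) would avoid that.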
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161102 Disclose [10 * cve] in Exponent CMS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Nov/12" - }, - { - "name" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html" - }, - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31" - }, - { - "name" : "97208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97208" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31" + }, + { + "name": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html" + }, + { + "name": "20161102 Disclose [10 * cve] in Exponent CMS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Nov/12" + }, + { + "name": "97208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97208" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8064.json b/2016/8xxx/CVE-2016-8064.json index 89abbcd422b..417822886ec 100644 --- a/2016/8xxx/CVE-2016-8064.json +++ b/2016/8xxx/CVE-2016-8064.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8064", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8064", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8353.json b/2016/8xxx/CVE-2016-8353.json index bd027a0a2fc..303b1ff989c 100644 --- a/2016/8xxx/CVE-2016-8353.json +++ b/2016/8xxx/CVE-2016-8353.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSIsoft PI Web API 2015 R2 1.5.1", - "version" : { - "version_data" : [ - { - "version_value" : "OSIsoft PI Web API 2015 R2 1.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OSIsoft PI Web API 2015 R2 Service Account Permissions Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Web API 2015 R2 1.5.1", + "version": { + "version_data": [ + { + "version_value": "OSIsoft PI Web API 2015 R2 1.5.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01" - }, - { - "name" : "93552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). 
There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OSIsoft PI Web API 2015 R2 Service Account Permissions Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01" + }, + { + "name": "93552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93552" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8749.json b/2016/8xxx/CVE-2016-8749.json index b7805a879e0..0ec8f3293de 100644 --- a/2016/8xxx/CVE-2016-8749.json +++ b/2016/8xxx/CVE-2016-8749.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2016-8749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Camel", - "version" : { - "version_data" : [ - { - "version_value" : "2.16.0 to 2.16.4" - }, - { - "version_value" : "2.17.0 to 2.17.4" - }, - { - "version_value" : "2.18.0 to 2.18.1" - }, - { - "version_value" : "The unsupported Camel 2.x (2.14 and earlier) versions may be also affected." - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2016-8749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Camel", + "version": { + "version_data": [ + { + "version_value": "2.16.0 to 2.16.4" + }, + { + "version_value": "2.17.0 to 2.17.4" + }, + { + "version_value": "2.18.0 to 2.18.1" + }, + { + "version_value": "The unsupported Camel 2.x (2.14 and earlier) versions may be also affected." 
+ } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/22/2" - }, - { - "name" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", - "refsource" : "MISC", - "url" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" - }, - { - "name" : "http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2&modificationDate=1486565034000&api=v2", - "refsource" : "CONFIRM", - "url" : "http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2&modificationDate=1486565034000&api=v2" - }, - { - "name" : "RHSA-2017:1832", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1832" - }, - { - "name" : "97179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1832", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1832" + }, + { + "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", + "refsource": "MISC", + "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" + }, + { + "name": "http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2&modificationDate=1486565034000&api=v2", + "refsource": "CONFIRM", + "url": "http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2&modificationDate=1486565034000&api=v2" + }, + { + "name": "97179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97179" + }, + { + "name": "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8831.json b/2016/8xxx/CVE-2016-8831.json index 08e82c42f3c..babed903722 100644 --- a/2016/8xxx/CVE-2016-8831.json +++ b/2016/8xxx/CVE-2016-8831.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8831", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8831", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8990.json b/2016/8xxx/CVE-2016-8990.json index f15d24f71ff..9d12f4434c4 100644 --- a/2016/8xxx/CVE-2016-8990.json +++ b/2016/8xxx/CVE-2016-8990.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8990", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8990", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9014.json b/2016/9xxx/CVE-2016-9014.json index bd015a304f2..c8b3b0f4c3f 100644 --- a/2016/9xxx/CVE-2016-9014.json +++ b/2016/9xxx/CVE-2016-9014.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/" - }, - { - "name" : "DSA-3835", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3835" - }, - { - "name" : "FEDORA-2016-3eb5a55123", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/" - }, - { - "name" : "FEDORA-2016-d4571bf555", - "refsource" : "FEDORA", - "url" : 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/" - }, - { - "name" : "USN-3115-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3115-1" - }, - { - "name" : "94068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94068" - }, - { - "name" : "1037159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/" + }, + { + "name": "FEDORA-2016-d4571bf555", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/" + }, + { + "name": "94068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94068" + }, + { + "name": "DSA-3835", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3835" + }, + { + "name": "USN-3115-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3115-1" + }, + { + "name": "1037159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037159" + }, + { + "name": "FEDORA-2016-3eb5a55123", + "refsource": "FEDORA", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9555.json b/2016/9xxx/CVE-2016-9555.json index f188168b495..7299096db1f 100644 --- a/2016/9xxx/CVE-2016-9555.json +++ b/2016/9xxx/CVE-2016-9555.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161122 CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/22/18" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1397930", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1397930" - }, - { - "name" : "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6" - }, - { - "name" : "https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa134", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa134" - }, - { - "name" : "RHSA-2017:0086", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0086.html" - }, - { - "name" : "RHSA-2017:0091", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0091.html" - }, - { - "name" : "RHSA-2017:0113", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0113.html" - }, - { - "name" : "RHSA-2017:0307", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0307.html" - }, - { - "name" : "SUSE-SU-2016:3096", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html" - }, - { - "name" : "SUSE-SU-2016:3113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:3116", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html" - }, - { - "name" : "SUSE-SU-2016:3117", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html" - }, - { - "name" : "SUSE-SU-2016:3169", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html" - }, - { - "name" : "SUSE-SU-2016:3183", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html" - }, - { - "name" : "SUSE-SU-2016:3197", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html" - }, - { - "name" : "SUSE-SU-2016:3205", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html" - }, - { - "name" : "SUSE-SU-2016:3206", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html" - }, - { - "name" : "SUSE-SU-2016:3247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html" - }, - { - "name" : "94479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94479" - }, - { - "name" : "1037339", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3096", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa134", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa134" + }, + { + "name": "SUSE-SU-2016:3206", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html" + }, + { + "name": "SUSE-SU-2016:3169", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html" + }, + { + "name": "1037339", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037339" + }, + { + "name": "SUSE-SU-2016:3117", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html" + }, + { + "name": "SUSE-SU-2016:3197", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6" + }, + { + "name": "https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk", + "refsource": "CONFIRM", + "url": 
"https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk" + }, + { + "name": "RHSA-2017:0086", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html" + }, + { + "name": "RHSA-2017:0113", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html" + }, + { + "name": "RHSA-2017:0091", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html" + }, + { + "name": "94479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94479" + }, + { + "name": "SUSE-SU-2016:3247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html" + }, + { + "name": "[oss-security] 20161122 CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/22/18" + }, + { + "name": "SUSE-SU-2016:3183", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1397930", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397930" + }, + { + "name": "SUSE-SU-2016:3116", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html" + }, + { + "name": "SUSE-SU-2016:3113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html" + }, + { + "name": "RHSA-2017:0307", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html" + }, + { + "name": "SUSE-SU-2016:3205", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9671.json b/2016/9xxx/CVE-2016-9671.json index 58b9bb90645..a09e1c2a0e3 100644 --- a/2016/9xxx/CVE-2016-9671.json +++ b/2016/9xxx/CVE-2016-9671.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9671", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9671", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2402.json b/2019/2xxx/CVE-2019-2402.json index 9ae81b0c83f..a6799ea71a6 100644 --- a/2019/2xxx/CVE-2019-2402.json +++ b/2019/2xxx/CVE-2019-2402.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Simphony", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.10" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Simphony", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.10" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106573" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2613.json b/2019/2xxx/CVE-2019-2613.json index 39fba7afaed..f46fa87d493 100644 --- a/2019/2xxx/CVE-2019-2613.json +++ b/2019/2xxx/CVE-2019-2613.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2613", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2613", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file