diff --git a/2006/0xxx/CVE-2006-0103.json b/2006/0xxx/CVE-2006-0103.json index ffe4daecbea..a70b931d123 100644 --- a/2006/0xxx/CVE-2006-0103.json +++ b/2006/0xxx/CVE-2006-0103.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420933/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/14/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/14/summary.html" - }, - { - "name" : "20060417 Tiny PHP forum - vulns", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431133/100/0/threaded" - }, - { - "name" : "ADV-2006-0054", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0054" - }, - { - "name" : "22257", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22257" - }, - { - "name" : "1015436", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015436" - }, - { - "name" : "18293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18293" - }, - { - "name" : "320", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/320" - }, - { - "name" : "tinyphpforum-users-information-disclosure(24016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015436", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015436" + }, + { + "name": "20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420933/100/0/threaded" + }, + { + "name": "22257", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22257" + }, + { + "name": "ADV-2006-0054", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0054" + }, + { + "name": "18293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18293" + }, + { + "name": "320", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/320" + }, + { + "name": "tinyphpforum-users-information-disclosure(24016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24016" + }, + { + "name": "http://evuln.com/vulns/14/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/14/summary.html" + }, + { + "name": "20060417 Tiny PHP forum - vulns", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431133/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0172.json b/2006/0xxx/CVE-2006-0172.json index 1e101641de2..6f781af721f 100644 --- a/2006/0xxx/CVE-2006-0172.json +++ b/2006/0xxx/CVE-2006-0172.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060110 Multiple Vulnerabilities in Hummingbird Collaboration", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421392/100/0/threaded" - }, - { - "name" : "http://www.securenetwork.it/advisories/sn-2006-01.html", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/advisories/sn-2006-01.html" - }, - { - "name" : "16195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16195" - }, - { - "name" : "ADV-2006-0145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0145" - }, - { - "name" : "18411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18411" - }, - { - "name" : "hummingbird-enterprise-xss(24067)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0145" + }, + { + "name": "16195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16195" + }, + { + "name": "18411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18411" + }, + { + "name": "hummingbird-enterprise-xss(24067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24067" + }, + { + "name": "http://www.securenetwork.it/advisories/sn-2006-01.html", + "refsource": "MISC", + "url": "http://www.securenetwork.it/advisories/sn-2006-01.html" + }, + { + "name": "20060110 Multiple Vulnerabilities in Hummingbird Collaboration", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421392/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0832.json b/2006/0xxx/CVE-2006-0832.json index f34dda39fba..04e0b14d290 100644 --- a/2006/0xxx/CVE-2006-0832.json +++ b/2006/0xxx/CVE-2006-0832.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060218 SLQ Injection vulnerability in WPCeasy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425395/100/0/threaded" - }, - { - "name" : "16721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16721" - }, - { - "name" : "ADV-2006-0662", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0662" - }, - { - "name" : "18945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18945" - }, - { - "name" : "456", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "456", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/456" + }, + { + "name": "20060218 SLQ Injection vulnerability in WPCeasy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425395/100/0/threaded" + }, + { + "name": "ADV-2006-0662", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0662" + }, + { + "name": "16721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16721" + }, + { + "name": "18945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18945" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0933.json b/2006/0xxx/CVE-2006-0933.json index 42865b572f3..6ae4b1a0b4c 100644 --- a/2006/0xxx/CVE-2006-0933.json +++ b/2006/0xxx/CVE-2006-0933.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16799" - }, - { - "name" : "ADV-2006-0722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0722" - }, - { - "name" : "18688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18688" - }, - { - "name" : "phpx-xcode-tag-xss(24874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0722" + }, + { + "name": "16799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16799" + }, + { + "name": "18688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18688" + }, + { + "name": "phpx-xcode-tag-xss(24874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24874" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1167.json b/2006/1xxx/CVE-2006-1167.json index 7093e5b217d..0c7da525902 100644 --- a/2006/1xxx/CVE-2006-1167.json +++ b/2006/1xxx/CVE-2006-1167.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security-info@sgi.com", + "ID": "CVE-2006-1167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060402-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" - }, - { - "name" : "24571", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24571" - }, - { - "name" : "19607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19607" + }, + { + "name": "20060402-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" + }, + { + "name": "24571", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24571" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1544.json b/2006/1xxx/CVE-2006-1544.json index 95be64ec7ff..3a44e7ebddf 100644 --- a/2006/1xxx/CVE-2006-1544.json +++ b/2006/1xxx/CVE-2006-1544.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 [eVuln] VNews Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430674/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/112", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/112" - }, - { - "name" : "17317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17317" - }, - { - "name" : "ADV-2006-1173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1173" - }, - { - "name" : "24275", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24275" - }, - { - "name" : "19435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19435" - }, - { - "name" : "vnews-news-xss(25530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060411 [eVuln] VNews Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430674/100/0/threaded" + }, + { + "name": "19435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19435" + }, + { + "name": "ADV-2006-1173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1173" + }, + { + "name": "http://www.evuln.com/vulns/112", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/112" + }, + { + "name": "24275", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24275" + }, + { + "name": "17317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17317" + }, + { + "name": "vnews-news-xss(25530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25530" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1585.json b/2006/1xxx/CVE-2006-1585.json index f02afc0747c..61bd14800b1 100644 --- a/2006/1xxx/CVE-2006-1585.json +++ b/2006/1xxx/CVE-2006-1585.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcommentaire parameters in (b) image_agrandir.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060331 MonAlbum 0.8.7 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429475/100/0/threaded" - }, - { - "name" : "http://www.bash-x.net/undef/adv/monalbum.html", - "refsource" : "MISC", - "url" : "http://www.bash-x.net/undef/adv/monalbum.html" - }, - { - "name" : "17327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17327" - }, - { - "name" : "ADV-2006-1206", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1206" - }, - { - "name" : "19503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19503" - }, - { - "name" : "660", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/660" - }, - { - "name" : "monalbum-image-imageagrandir-sql-injection(25572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcommentaire parameters in (b) image_agrandir.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060331 MonAlbum 0.8.7 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429475/100/0/threaded" + }, + { + "name": "ADV-2006-1206", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1206" + }, + { + "name": "http://www.bash-x.net/undef/adv/monalbum.html", + "refsource": "MISC", + "url": "http://www.bash-x.net/undef/adv/monalbum.html" + }, + { + "name": "monalbum-image-imageagrandir-sql-injection(25572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25572" + }, + { + "name": "17327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17327" + }, + { + "name": "19503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19503" + }, + { + "name": "660", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/660" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1754.json b/2006/1xxx/CVE-2006-1754.json index 5fda64c0874..34b6b6873c0 100644 --- a/2006/1xxx/CVE-2006-1754.json +++ b/2006/1xxx/CVE-2006-1754.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 Confixx 3.1.2 <= SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430671/100/0/threaded" - }, - { - "name" : "20060413 Re: Confixx 3.1.2 <= SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430890/100/0/threaded" - }, - { - "name" : "20060419 Confixx SQL Injection exploit (confixx_exploit.pl)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431421/100/0/threaded" - }, - { - "name" : "http://download1.swsoft.com/Confixx/security_hotfix/release_notes.txt", - "refsource" : "CONFIRM", - "url" : "http://download1.swsoft.com/Confixx/security_hotfix/release_notes.txt" - }, - { - "name" : "17476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17476" - }, - { - "name" : "ADV-2006-1331", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1331" - }, - { - "name" : "19611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19611" - }, - { - "name" : "confixx-index-sql-injection(25749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17476" + }, + { + "name": "http://download1.swsoft.com/Confixx/security_hotfix/release_notes.txt", + "refsource": "CONFIRM", + "url": "http://download1.swsoft.com/Confixx/security_hotfix/release_notes.txt" + }, + { + "name": "20060419 Confixx SQL Injection exploit (confixx_exploit.pl)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431421/100/0/threaded" + }, + { + "name": "20060411 Confixx 3.1.2 <= SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430671/100/0/threaded" + }, + { + "name": "ADV-2006-1331", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1331" + }, + { + "name": "19611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19611" + }, + { + "name": "confixx-index-sql-injection(25749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25749" + }, + { + "name": "20060413 Re: Confixx 3.1.2 <= SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430890/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1804.json b/2006/1xxx/CVE-2006-1804.json index b341f8927ca..bb87f768a15 100644 --- a/2006/1xxx/CVE-2006-1804.json +++ b/2006/1xxx/CVE-2006-1804.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060412 phpMyAdmin 2.7.0-pl1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431013/100/0/threaded" - }, - { - "name" : "SUSE-SR:2006:009", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_28.html" - }, - { - "name" : "ADV-2006-1372", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1372" - }, - { - "name" : "19659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19659" - }, - { - "name" : "19897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19897" - }, - { - "name" : "phpmyadmin-sql-sql-injection(25858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1372", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1372" + }, + { + "name": "19659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19659" + }, + { + "name": "20060412 phpMyAdmin 2.7.0-pl1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431013/100/0/threaded" + }, + { + "name": "phpmyadmin-sql-sql-injection(25858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25858" + }, + { + "name": "19897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19897" + }, + { + "name": "SUSE-SR:2006:009", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1953.json b/2006/1xxx/CVE-2006-1953.json index a38b842ad16..509fd27128f 100644 --- a/2006/1xxx/CVE-2006-1953.json +++ b/2006/1xxx/CVE-2006-1953.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a \"C:%5C\" (encoded drive letter) in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060516 Caucho Resin Windows Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434150/100/0/threaded" - }, - { - "name" : "20060516 Caucho Resin Windows Directory Traversal Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0026.html" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0024.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0024.html" - }, - { - "name" : "18005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18005" - }, - { - "name" : "ADV-2006-1831", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1831" - }, - { - "name" : "25570", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25570" - }, - { - "name" : "1016109", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016109" - }, - { - "name" : "20125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20125" - }, - { - "name" : "904", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/904" - }, - { - "name" : "resin-webserver-directory-traversal(26478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a \"C:%5C\" (encoded drive letter) in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18005" + }, + { + "name": "20060516 Caucho Resin Windows Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434150/100/0/threaded" + }, + { + "name": "ADV-2006-1831", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1831" + }, + { + "name": "resin-webserver-directory-traversal(26478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26478" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0024.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0024.html" + }, + { + "name": "1016109", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016109" + }, + { + "name": "25570", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25570" + }, + { + "name": "904", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/904" + }, + { + "name": "20125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20125" + }, + { + "name": "20060516 Caucho Resin Windows Directory Traversal Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0026.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4004.json b/2006/4xxx/CVE-2006-4004.json index 93ad8ab7488..2c2489f4c6c 100644 --- a/2006/4xxx/CVE-2006-4004.json +++ b/2006/4xxx/CVE-2006-4004.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2087", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2087" - }, - { - "name" : "http://www.phpportals.com/forums/showthread.php?t=17308", - "refsource" : "MISC", - "url" : "http://www.phpportals.com/forums/showthread.php?t=17308" - }, - { - "name" : "19257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19257" - }, - { - "name" : "ADV-2006-3102", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3102" - }, - { - "name" : "21287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21287" - }, - { - "name" : "vbportal-cookie-file-include(28077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpportals.com/forums/showthread.php?t=17308", + "refsource": "MISC", + "url": "http://www.phpportals.com/forums/showthread.php?t=17308" + }, + { + "name": "19257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19257" + }, + { + "name": "2087", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2087" + }, + { + "name": "vbportal-cookie-file-include(28077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28077" + }, + { + "name": "21287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21287" + }, + { + "name": "ADV-2006-3102", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3102" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4208.json b/2006/4xxx/CVE-2006-4208.json index 2e55d0b6310..153f038d3bb 100644 --- a/2006/4xxx/CVE-2006-4208.json +++ b/2006/4xxx/CVE-2006-4208.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443181/100/0/threaded" - }, - { - "name" : "http://trac.wordpress.org/changeset/4095", - "refsource" : "CONFIRM", - "url" : "http://trac.wordpress.org/changeset/4095" - }, - { - "name" : "http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/", - "refsource" : "CONFIRM", - "url" : "http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/" - }, - { - "name" : "19504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19504" - }, - { - "name" : "ADV-2006-3280", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3280" - }, - { - "name" : "21486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21486" - }, - { - "name" : "1401", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1401" - }, - { - "name" : "wpdbbackup-edit-directory-traversal(28375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21486" + }, + { + "name": "http://trac.wordpress.org/changeset/4095", + "refsource": "CONFIRM", + "url": "http://trac.wordpress.org/changeset/4095" + }, + { + "name": "http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/", + "refsource": "CONFIRM", + "url": "http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/" + }, + { + "name": "wpdbbackup-edit-directory-traversal(28375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28375" + }, + { + "name": "19504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19504" + }, + { + "name": "1401", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1401" + }, + { + "name": "20060814 Wordpress WP-DB Backup Plugin Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443181/100/0/threaded" + }, + { + "name": "ADV-2006-3280", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3280" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4924.json b/2006/4xxx/CVE-2006-4924.json index a59de5bf548..df1eea045a5 100644 --- a/2006/4xxx/CVE-2006-4924.json +++ b/2006/4xxx/CVE-2006-4924.json @@ -1,457 +1,457 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447153/100/0/threaded" - }, - { - "name" : "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2" - }, - { - "name" : "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability", - "refsource" : "MLIST", - "url" : "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=148228", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=148228" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-661", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-661" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=681763", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=681763" - }, - { - "name" : "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg", - "refsource" : "CONFIRM", - "url" : "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "DSA-1189", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1189" - }, - { - "name" : "DSA-1212", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1212" - }, - { - "name" : "FreeBSD-SA-06:22.openssh", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc" - }, - { - "name" : "FreeBSD-SA-06:22", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc" - }, - { - "name" : "GLSA-200609-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-17.xml" - }, - { - "name" : "GLSA-200611-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-06.xml" - }, - { - "name" : "HPSBUX02178", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112" - }, - { - "name" : "SSRT061267", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112" - }, - { - "name" : "MDKSA-2006:179", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179" - }, - { - "name" : "[2.9] 015: SECURITY FIX: October 12, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#ssh" - }, - { - "name" : "OpenPKG-SA-2006.022", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html" - }, - { - "name" : "RHSA-2006:0698", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0698.html" - }, - { - "name" : "RHSA-2006:0697", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0697.html" - }, - { - "name" : "SCOSA-2008.2", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt" - }, - { - "name" : "20061001-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" - }, - { - "name" : "SSA:2006-272-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566" - }, - { - "name" : "102962", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1" - }, - { - "name" : "SUSE-SR:2006:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_24_sr.html" - }, - { - "name" : "SUSE-SA:2006:062", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_62_openssh.html" - }, - { - "name" : "2006-0054", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0054" - }, - { - "name" : "USN-355-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-355-1" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "VU#787448", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/787448" - }, - { - "name" : "20216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20216" - }, - { - "name" : "oval:org.mitre.oval:def:10462", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462" - }, - { - "name" : "34274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34274" - }, - { - "name" : "ADV-2006-3777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3777" - }, - { - "name" : "ADV-2006-4401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4401" - }, - { - "name" : "ADV-2006-4869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4869" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "ADV-2007-1332", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1332" - }, - { - "name" : "ADV-2007-2119", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2119" - }, - { - "name" : "29152", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29152" - }, - { - "name" : "oval:org.mitre.oval:def:1193", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193" - }, - { - "name" : "1016931", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016931" - }, - { - "name" : "22091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22091" - }, - { - "name" : "21923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21923" - }, - { - "name" : "22164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22164" - }, - { - "name" : "22158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22158" - }, - { - "name" : "22183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22183" - }, - { - "name" : "22196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22196" - }, - { - "name" : "22236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22236" - }, - { - "name" : "22270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22270" - }, - { - "name" : "22116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22116" - }, - { - "name" : "22208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22208" - }, - { - "name" : "22245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22245" - }, - { - "name" : "22352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22352" - }, - { - "name" : "22362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22362" - }, - { - "name" : "22495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22495" - }, - { - "name" : "22487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22487" - }, - { - "name" : "22823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22823" - }, - { - "name" : "22926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22926" - }, - { - "name" : "23038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23038" - }, - { - "name" : "23241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23241" - }, - { - "name" : "22298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22298" - }, - { - "name" : "23340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23340" - }, - { - "name" : "23680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23680" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "24805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24805" - }, - { - "name" : "25608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25608" - }, - { - "name" : "24799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24799" - }, - { - "name" : "29371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29371" - }, - { - "name" : "ADV-2009-0740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0740" - }, - { - "name" : "openssh-block-dos(29158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-06:22", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=681763", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=681763" + }, + { + "name": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability" + }, + { + "name": "22270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22270" + }, + { + "name": "HPSBUX02178", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112" + }, + { + "name": "23038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23038" + }, + { + "name": "USN-355-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-355-1" + }, + { + "name": "2006-0054", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0054" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html" + }, + { + "name": "ADV-2006-4401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4401" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227" + }, + { + "name": "ADV-2009-0740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0740" + }, + { + "name": "22116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22116" + }, + { + "name": "21923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21923" + }, + { + "name": "24805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24805" + }, + { + "name": "23340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23340" + }, + { + "name": "[2.9] 015: SECURITY FIX: October 12, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#ssh" + }, + { + "name": "SUSE-SR:2006:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html" + }, + { + "name": "22487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22487" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "GLSA-200611-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=148228", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=148228" + }, + { + "name": "22164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22164" + }, + { + "name": "102962", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1" + }, + { + "name": "SUSE-SA:2006:062", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html" + }, + { + "name": "22362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22362" + }, + { + "name": "23680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23680" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "34274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34274" + }, + { + "name": "VU#787448", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/787448" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "1016931", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016931" + }, + { + "name": "ADV-2006-4869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4869" + }, + { + "name": "22298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22298" + }, + { + "name": "22352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22352" + }, + { + "name": "22236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22236" + }, + { + "name": "oval:org.mitre.oval:def:1193", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193" + }, + { + "name": "24799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24799" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955" + }, + { + "name": "22091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22091" + }, + { + "name": "SSRT061267", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112" + }, + { + "name": "22495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22495" + }, + { + "name": "ADV-2007-1332", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1332" + }, + { + "name": "20216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20216" + }, + { + "name": "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded" + }, + { + "name": "GLSA-200609-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-17.xml" + }, + { + "name": "22823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22823" + }, + { + "name": "FreeBSD-SA-06:22.openssh", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc" + }, + { + "name": "SSA:2006-272-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566" + }, + { + "name": "RHSA-2006:0697", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html" + }, + { + "name": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg", + "refsource": "CONFIRM", + "url": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg" + }, + { + "name": "ADV-2006-3777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3777" + }, + { + "name": "OpenPKG-SA-2006.022", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html" + }, + { + "name": "22183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22183" + }, + { + "name": "openssh-block-dos(29158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29158" + }, + { + "name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released", + "refsource": "MLIST", + "url": "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2" + }, + { + "name": "23241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23241" + }, + { + "name": "ADV-2007-2119", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2119" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability", + "refsource": "MLIST", + "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html" + }, + { + "name": "22926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22926" + }, + { + "name": "29371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29371" + }, + { + "name": "22208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22208" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html" + }, + { + "name": "22245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22245" + }, + { + "name": "20061001-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc" + }, + { + "name": "https://issues.rpath.com/browse/RPL-661", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-661" + }, + { + "name": "22196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22196" + }, + { + "name": "DSA-1212", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1212" + }, + { + "name": "oval:org.mitre.oval:def:10462", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462" + }, + { + "name": "RHSA-2006:0698", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html" + }, + { + "name": "29152", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29152" + }, + { + "name": "25608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25608" + }, + { + "name": "22158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22158" + }, + { + "name": "MDKSA-2006:179", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179" + }, + { + "name": "DSA-1189", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1189" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm" + }, + { + "name": "SCOSA-2008.2", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5515.json b/2006/5xxx/CVE-2006-5515.json index ef03b693bc5..cbf2d35deae 100644 --- a/2006/5xxx/CVE-2006-5515.json +++ b/2006/5xxx/CVE-2006-5515.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061023 [PHPADSNEW-SA-2006-002] phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449484/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=457774&group_id=11386", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=457774&group_id=11386" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=457775&group_id=36679", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=457775&group_id=36679" - }, - { - "name" : "ADV-2006-4147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4147" - }, - { - "name" : "ADV-2006-4148", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4148" - }, - { - "name" : "22526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22526" - }, - { - "name" : "22529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22529" - }, - { - "name" : "1777", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1777" - }, - { - "name" : "phpadsnew-libhistory-xss(29766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpadsnew-libhistory-xss(29766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29766" + }, + { + "name": "ADV-2006-4147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4147" + }, + { + "name": "22526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22526" + }, + { + "name": "ADV-2006-4148", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4148" + }, + { + "name": "20061023 [PHPADSNEW-SA-2006-002] phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449484/100/0/threaded" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=457775&group_id=36679", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=457775&group_id=36679" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=457774&group_id=11386", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=457774&group_id=11386" + }, + { + "name": "1777", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1777" + }, + { + "name": "22529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22529" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5837.json b/2006/5xxx/CVE-2006-5837.json index 362b206f429..8d009de1ac7 100644 --- a/2006/5xxx/CVE-2006-5837.json +++ b/2006/5xxx/CVE-2006-5837.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2733", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2733" - }, - { - "name" : "20947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20947" - }, - { - "name" : "ADV-2006-4376", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4376" - }, - { - "name" : "22748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22748" - }, - { - "name" : "iware-postmessage-code-execution(30078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iware-postmessage-code-execution(30078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30078" + }, + { + "name": "22748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22748" + }, + { + "name": "ADV-2006-4376", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4376" + }, + { + "name": "20947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20947" + }, + { + "name": "2733", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2733" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0099.json b/2010/0xxx/CVE-2010-0099.json index 51a3e4334be..a9a5d20b0a9 100644 --- a/2010/0xxx/CVE-2010-0099.json +++ b/2010/0xxx/CVE-2010-0099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0099", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0092. Reason: This candidate is a duplicate of CVE-2010-0092. Notes: All CVE users should reference CVE-2010-0092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-0099", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0092. Reason: This candidate is a duplicate of CVE-2010-0092. Notes: All CVE users should reference CVE-2010-0092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0495.json b/2010/0xxx/CVE-2010-0495.json index e22859d7f53..c3df7a0d2a1 100644 --- a/2010/0xxx/CVE-2010-0495.json +++ b/2010/0xxx/CVE-2010-0495.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0495", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-0495", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0637.json b/2010/0xxx/CVE-2010-0637.json index 127f0e10f7f..b6f8c3f431f 100644 --- a/2010/0xxx/CVE-2010-0637.json +++ b/2010/0xxx/CVE-2010-0637.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/133/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/133/45/" - }, - { - "name" : "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2", - "refsource" : "CONFIRM", - "url" : "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2" - }, - { - "name" : "38222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2", + "refsource": "CONFIRM", + "url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2" + }, + { + "name": "38222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38222" + }, + { + "name": "http://holisticinfosec.org/content/view/133/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/133/45/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2075.json b/2010/2xxx/CVE-2010-2075.json index 77eb4d930bb..264a6da74f3 100644 --- a/2010/2xxx/CVE-2010-2075.json +++ b/2010/2xxx/CVE-2010-2075.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13853", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13853" - }, - { - "name" : "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Jun/277" - }, - { - "name" : "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Jun/284" - }, - { - "name" : "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/14/11" - }, - { - "name" : "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt", - "refsource" : "CONFIRM", - "url" : "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt" - }, - { - "name" : "GLSA-201006-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201006-21.xml" - }, - { - "name" : "40820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40820" - }, - { - "name" : "65445", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65445" - }, - { - "name" : "40169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40169" - }, - { - "name" : "ADV-2010-1437", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt", + "refsource": "CONFIRM", + "url": "http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt" + }, + { + "name": "ADV-2010-1437", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1437" + }, + { + "name": "GLSA-201006-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201006-21.xml" + }, + { + "name": "65445", + "refsource": "OSVDB", + "url": "http://osvdb.org/65445" + }, + { + "name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/14/11" + }, + { + "name": "13853", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13853" + }, + { + "name": "40169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40169" + }, + { + "name": "20100612 Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Jun/277" + }, + { + "name": "40820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40820" + }, + { + "name": "20100612 Re: Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Jun/284" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2512.json b/2010/2xxx/CVE-2010-2512.json index 4c28c0a8993..db888ef670f 100644 --- a/2010/2xxx/CVE-2010-2512.json +++ b/2010/2xxx/CVE-2010-2512.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14008", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14008" - }, - { - "name" : "41109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41109" - }, - { - "name" : "65712", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65712" - }, - { - "name" : "40338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41109" + }, + { + "name": "65712", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65712" + }, + { + "name": "40338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40338" + }, + { + "name": "14008", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14008" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2610.json b/2010/2xxx/CVE-2010-2610.json index a1dd1d09c0b..02a3cbe9cc0 100644 --- a/2010/2xxx/CVE-2010-2610.json +++ b/2010/2xxx/CVE-2010-2610.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14025", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14025" - }, - { - "name" : "41123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41123" - }, - { - "name" : "65714", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65714" - }, - { - "name" : "65715", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65715" - }, - { - "name" : "65716", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65716" - }, - { - "name" : "40301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40301" - }, - { - "name" : "jobsitescript-multiple-sql-injection(59733)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14025", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14025" + }, + { + "name": "65714", + "refsource": "OSVDB", + "url": "http://osvdb.org/65714" + }, + { + "name": "65715", + "refsource": "OSVDB", + "url": "http://osvdb.org/65715" + }, + { + "name": "65716", + "refsource": "OSVDB", + "url": "http://osvdb.org/65716" + }, + { + "name": "40301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40301" + }, + { + "name": "jobsitescript-multiple-sql-injection(59733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59733" + }, + { + "name": "41123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41123" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3516.json b/2010/3xxx/CVE-2010-3516.json index 8b5b67a5688..a67cb66a3da 100644 --- a/2010/3xxx/CVE-2010-3516.json +++ b/2010/3xxx/CVE-2010-3516.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3959.json b/2010/3xxx/CVE-2010-3959.json index 7eb2b0601bf..1fb64cf6c83 100644 --- a/2010/3xxx/CVE-2010-3959.json +++ b/2010/3xxx/CVE-2010-3959.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka \"OpenType CMAP Table Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-091" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12280", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12280" - }, - { - "name" : "1024873", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka \"OpenType CMAP Table Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "1024873", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024873" + }, + { + "name": "oval:org.mitre.oval:def:12280", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12280" + }, + { + "name": "MS10-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-091" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3964.json b/2010/3xxx/CVE-2010-3964.json index d343c3d106d..09be0f4cd49 100644 --- a/2010/3xxx/CVE-2010-3964.json +++ b/2010/3xxx/CVE-2010-3964.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka \"Malformed Request Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-287/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-287/" - }, - { - "name" : "MS10-104", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "45264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45264" - }, - { - "name" : "69817", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69817" - }, - { - "name" : "oval:org.mitre.oval:def:11737", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11737" - }, - { - "name" : "1024886", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024886" - }, - { - "name" : "42631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42631" - }, - { - "name" : "ADV-2010-3226", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka \"Malformed Request Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69817", + "refsource": "OSVDB", + "url": "http://osvdb.org/69817" + }, + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-104", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104" + }, + { + "name": "ADV-2010-3226", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3226" + }, + { + "name": "1024886", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024886" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-287/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-287/" + }, + { + "name": "45264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45264" + }, + { + "name": "42631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42631" + }, + { + "name": "oval:org.mitre.oval:def:11737", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11737" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4156.json b/2010/4xxx/CVE-2010-4156.json index 84dac3df084..8b54a8ae49a 100644 --- a/2010/4xxx/CVE-2010-4156.json +++ b/2010/4xxx/CVE-2010-4156.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101107 CVE Request: PHP 5.3.3, libmbfl, mb_strcut", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/07/2" - }, - { - "name" : "[oss-security] 20101108 Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/08/13" - }, - { - "name" : "http://pastie.org/1279428", - "refsource" : "MISC", - "url" : "http://pastie.org/1279428" - }, - { - "name" : "http://pastie.org/1279682", - "refsource" : "MISC", - "url" : "http://pastie.org/1279682" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "FEDORA-2010-18976", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" - }, - { - "name" : "FEDORA-2010-19011", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" - }, - { - "name" : "HPSBMA02662", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "SSRT100409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "MDVSA-2010:225", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:225" - }, - { - "name" : "RHSA-2011:0196", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0196.html" - }, - { - "name" : "USN-1042-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1042-1" - }, - { - "name" : "44727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44727" - }, - { - "name" : "42135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42135" - }, - { - "name" : "42812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42812" - }, - { - "name" : "43189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43189" - }, - { - "name" : "ADV-2011-0020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0020" - }, - { - "name" : "ADV-2011-0021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0021" - }, - { - "name" : "ADV-2011-0077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0077" + }, + { + "name": "FEDORA-2010-19011", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" + }, + { + "name": "42812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42812" + }, + { + "name": "RHSA-2011:0196", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0196.html" + }, + { + "name": "HPSBMA02662", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "http://pastie.org/1279428", + "refsource": "MISC", + "url": "http://pastie.org/1279428" + }, + { + "name": "USN-1042-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1042-1" + }, + { + "name": "ADV-2011-0021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0021" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "44727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44727" + }, + { + "name": "[oss-security] 20101108 Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/08/13" + }, + { + "name": "MDVSA-2010:225", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:225" + }, + { + "name": "SSRT100409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "FEDORA-2010-18976", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" + }, + { + "name": "ADV-2011-0020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0020" + }, + { + "name": "43189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43189" + }, + { + "name": "42135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42135" + }, + { + "name": "http://pastie.org/1279682", + "refsource": "MISC", + "url": "http://pastie.org/1279682" + }, + { + "name": "[oss-security] 20101107 CVE Request: PHP 5.3.3, libmbfl, mb_strcut", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/07/2" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4406.json b/2010/4xxx/CVE-2010-4406.json index 42ae0f5aaa1..f481e7792a6 100644 --- a/2010/4xxx/CVE-2010-4406.json +++ b/2010/4xxx/CVE-2010-4406.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15656", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15656" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96296/littlephpgallery-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96296/littlephpgallery-lfi.txt" - }, - { - "name" : "45143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45143" - }, - { - "name" : "69564", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69564" - }, - { - "name" : "42444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45143" + }, + { + "name": "42444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42444" + }, + { + "name": "15656", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15656" + }, + { + "name": "http://packetstormsecurity.org/files/view/96296/littlephpgallery-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96296/littlephpgallery-lfi.txt" + }, + { + "name": "69564", + "refsource": "OSVDB", + "url": "http://osvdb.org/69564" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4728.json b/2010/4xxx/CVE-2010-4728.json index 8d15fb0dfb5..072c5d075b6 100644 --- a/2010/4xxx/CVE-2010-4728.json +++ b/2010/4xxx/CVE-2010-4728.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.zikula.org/core/ticket/2009", - "refsource" : "CONFIRM", - "url" : "http://code.zikula.org/core/ticket/2009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.zikula.org/core/ticket/2009", + "refsource": "CONFIRM", + "url": "http://code.zikula.org/core/ticket/2009" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4823.json b/2010/4xxx/CVE-2010-4823.json index a3b71259abc..f27975c04de 100644 --- a/2010/4xxx/CVE-2010-4823.json +++ b/2010/4xxx/CVE-2010-4823.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via \"missing URL actions.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110104 CVE request: silverstripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/03/12" - }, - { - "name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1" - }, - { - "name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3" - }, - { - "name" : "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/01/3" - }, - { - "name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4" - }, - { - "name" : "http://open.silverstripe.org/changeset/114444", - "refsource" : "CONFIRM", - "url" : "http://open.silverstripe.org/changeset/114444" - }, - { - "name" : "45367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45367" - }, - { - "name" : "69886", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69886" - }, - { - "name" : "42346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42346" - }, - { - "name" : "silverstripe-requesthandler-xss(63988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via \"missing URL actions.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69886", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69886" + }, + { + "name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/01/3" + }, + { + "name": "45367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45367" + }, + { + "name": "42346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42346" + }, + { + "name": "silverstripe-requesthandler-xss(63988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63988" + }, + { + "name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/1" + }, + { + "name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/3" + }, + { + "name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/03/12" + }, + { + "name": "http://open.silverstripe.org/changeset/114444", + "refsource": "CONFIRM", + "url": "http://open.silverstripe.org/changeset/114444" + }, + { + "name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1192.json b/2011/1xxx/CVE-2011-1192.json index cdeaaeba11a..0f9adfce6ba 100644 --- a/2011/1xxx/CVE-2011-1192.json +++ b/2011/1xxx/CVE-2011-1192.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=70779", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=70779" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "https://docs.google.com/a/google.com/document/d/1YoJbpG0uTz0TI3VhRPLQxGP6hkOYwpv4t7ZJDofBC-A/edit?hl=en&authkey=CPWzgZAG", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/a/google.com/document/d/1YoJbpG0uTz0TI3VhRPLQxGP6hkOYwpv4t7ZJDofBC-A/edit?hl=en&authkey=CPWzgZAG" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:13990", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13990" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-unicode-unspecified(65956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "https://docs.google.com/a/google.com/document/d/1YoJbpG0uTz0TI3VhRPLQxGP6hkOYwpv4t7ZJDofBC-A/edit?hl=en&authkey=CPWzgZAG", + "refsource": "CONFIRM", + "url": "https://docs.google.com/a/google.com/document/d/1YoJbpG0uTz0TI3VhRPLQxGP6hkOYwpv4t7ZJDofBC-A/edit?hl=en&authkey=CPWzgZAG" + }, + { + "name": "google-unicode-unspecified(65956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65956" + }, + { + "name": "oval:org.mitre.oval:def:13990", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13990" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=70779", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=70779" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5203.json b/2011/5xxx/CVE-2011-5203.json index 9727a4a7c6f..8e98d61aa33 100644 --- a/2011/5xxx/CVE-2011-5203.json +++ b/2011/5xxx/CVE-2011-5203.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18293", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18293" - }, - { - "name" : "20111229 Akiva Webboard 8.x SQL Injection + Plaintext Passwords.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0475.html" - }, - { - "name" : "51210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51210" - }, - { - "name" : "78069", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78069" - }, - { - "name" : "47318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47318" - }, - { - "name" : "webboard-default-sql-injection(72036)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111229 Akiva Webboard 8.x SQL Injection + Plaintext Passwords.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0475.html" + }, + { + "name": "webboard-default-sql-injection(72036)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72036" + }, + { + "name": "51210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51210" + }, + { + "name": "78069", + "refsource": "OSVDB", + "url": "http://osvdb.org/78069" + }, + { + "name": "47318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47318" + }, + { + "name": "18293", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18293" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5247.json b/2011/5xxx/CVE-2011-5247.json index b4d17877ca3..1b758763437 100644 --- a/2011/5xxx/CVE-2011-5247.json +++ b/2011/5xxx/CVE-2011-5247.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5247", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5247", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3040.json b/2014/3xxx/CVE-2014-3040.json index 713c0867754..91cd04ee595 100644 --- a/2014/3xxx/CVE-2014-3040.json +++ b/2014/3xxx/CVE-2014-3040.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680370", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680370" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680665", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680665" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277" - }, - { - "name" : "60480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60480" - }, - { - "name" : "60479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60479" - }, - { - "name" : "60481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60481" - }, - { - "name" : "ibm-emptoris-cve20143040-csrf(93306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60480" + }, + { + "name": "60479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60479" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277" + }, + { + "name": "60481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60481" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665" + }, + { + "name": "ibm-emptoris-cve20143040-csrf(93306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3274.json b/2014/3xxx/CVE-2014-3274.json index 07fc066c7d5..3b627c80acd 100644 --- a/2014/3xxx/CVE-2014-3274.json +++ b/2014/3xxx/CVE-2014-3274.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327" - }, - { - "name" : "20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274" - }, - { - "name" : "1030272", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327" + }, + { + "name": "20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274" + }, + { + "name": "1030272", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030272" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3421.json b/2014/3xxx/CVE-2014-3421.json index 5914bd41a97..f93bfaa168a 100644 --- a/2014/3xxx/CVE-2014-3421.json +++ b/2014/3xxx/CVE-2014-3421.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html" - }, - { - "name" : "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/07/7" - }, - { - "name" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", - "refsource" : "CONFIRM", - "url" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0250.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0250.html" - }, - { - "name" : "MDVSA-2015:117", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/07/7" + }, + { + "name": "[emacs-diffs] 20140506 emacs-24 r117066: * gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html" + }, + { + "name": "MDVSA-2015:117", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0250.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0250.html" + }, + { + "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8", + "refsource": "CONFIRM", + "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3796.json b/2014/3xxx/CVE-2014-3796.json index b1db64a0a45..bdd3ecdd8d6 100644 --- a/2014/3xxx/CVE-2014-3796.json +++ b/2014/3xxx/CVE-2014-3796.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0009.html" - }, - { - "name" : "1030835", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030835" - }, - { - "name" : "59938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59938" - }, - { - "name" : "vmware-vcns-cve20143796-info-disc(95926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0009.html" + }, + { + "name": "1030835", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030835" + }, + { + "name": "59938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59938" + }, + { + "name": "vmware-vcns-cve20143796-info-disc(95926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95926" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4312.json b/2014/4xxx/CVE-2014-4312.json index 367de711c4a..0675379cd49 100644 --- a/2014/4xxx/CVE-2014-4312.json +++ b/2014/4xxx/CVE-2014-4312.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to \"Order to consume\"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34864", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34864" - }, - { - "name" : "20141001 Epicor Enterprise vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/2" - }, - { - "name" : "http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html" - }, - { - "name" : "70192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70192" - }, - { - "name" : "112464", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/112464" - }, - { - "name" : "112465", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/112465" - }, - { - "name" : "112466", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/112466" - }, - { - "name" : "112467", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/112467" - }, - { - "name" : "112469", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/112469" - }, - { - "name" : "112470", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/112470" - }, - { - "name" : "112471", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/112471" - }, - { - "name" : "epicor-cve20144312-xss(96793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to \"Order to consume\"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "112470", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/112470" + }, + { + "name": "70192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70192" + }, + { + "name": "112471", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/112471" + }, + { + "name": "34864", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34864" + }, + { + "name": "112469", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/112469" + }, + { + "name": "112467", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/112467" + }, + { + "name": "20141001 Epicor Enterprise vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/2" + }, + { + "name": "epicor-cve20144312-xss(96793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96793" + }, + { + "name": "112464", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/112464" + }, + { + "name": "112466", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/112466" + }, + { + "name": "112465", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/112465" + }, + { + "name": "http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4564.json b/2014/4xxx/CVE-2014-4564.json index 3f33922aab1..00bf821eeed 100644 --- a/2014/4xxx/CVE-2014-4564.json +++ b/2014/4xxx/CVE-2014-4564.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7835.json b/2014/7xxx/CVE-2014-7835.json index 969c4f88f91..e47d26514bb 100644 --- a/2014/7xxx/CVE-2014-7835.json +++ b/2014/7xxx/CVE-2014-7835.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/17/11" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=275161", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=275161" - }, - { - "name" : "1031215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031215" + }, + { + "name": "[oss-security] 20141117 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/17/11" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=275161", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=275161" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8236.json b/2014/8xxx/CVE-2014-8236.json index 550ed4cdfaa..b4addb7e6ef 100644 --- a/2014/8xxx/CVE-2014-8236.json +++ b/2014/8xxx/CVE-2014-8236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8236", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8236", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8336.json b/2014/8xxx/CVE-2014-8336.json index 121fa432909..de85ca8dad1 100644 --- a/2014/8xxx/CVE-2014-8336.json +++ b/2014/8xxx/CVE-2014-8336.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Sql Run Query\" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141021 Re: Vulnerabilities in WordPress Database Manager v2.7.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/21/3" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html" - }, - { - "name" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", - "refsource" : "CONFIRM", - "url" : "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a" - }, - { - "name" : "https://wordpress.org/plugins/wp-dbmanager/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wp-dbmanager/#developers" - }, - { - "name" : "dbmgr-wordpress-cve20148336-file-download(97694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Sql Run Query\" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a", + "refsource": "CONFIRM", + "url": "https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a" + }, + { + "name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html" + }, + { + "name": "dbmgr-wordpress-cve20148336-file-download(97694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97694" + }, + { + "name": "https://wordpress.org/plugins/wp-dbmanager/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-dbmanager/#developers" + }, + { + "name": "[oss-security] 20141021 Re: Vulnerabilities in WordPress Database Manager v2.7.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/21/3" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8788.json b/2014/8xxx/CVE-2014-8788.json index f8db033edff..5e7b2703183 100644 --- a/2014/8xxx/CVE-2014-8788.json +++ b/2014/8xxx/CVE-2014-8788.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141127 FileVista < v6.0.8.0 Insecure zip file handling", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/87" - }, - { - "name" : "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html" - }, - { - "name" : "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx", - "refsource" : "CONFIRM", - "url" : "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141127 FileVista < v6.0.8.0 Insecure zip file handling", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/87" + }, + { + "name": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx", + "refsource": "CONFIRM", + "url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx" + }, + { + "name": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9029.json b/2014/9xxx/CVE-2014-9029.json index fe9bf3361f2..aa6b0841fe6 100644 --- a/2014/9xxx/CVE-2014-9029.json +++ b/2014/9xxx/CVE-2014-9029.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141204 [oCERT-2014-009] JasPer input sanitization errors", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534153/100/0/threaded" - }, - { - "name" : "[oss-security] 20141204 [oCERT-2014-009] JasPer input sanitization errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/12/04/9" - }, - { - "name" : "http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2014-009.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2014-009.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1167537", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1167537" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0514.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0514.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3089", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3089" - }, - { - "name" : "MDVSA-2014:247", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:247" - }, - { - "name" : "MDVSA-2015:159", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159" - }, - { - "name" : "RHSA-2014:2021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-2021.html" - }, - { - "name" : "RHSA-2015:0698", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0698.html" - }, - { - "name" : "SSA:2015-302-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606" - }, - { - "name" : "USN-2434-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2434-1" - }, - { - "name" : "USN-2434-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2434-2" - }, - { - "name" : "71476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71476" - }, - { - "name" : "61747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61747" - }, - { - "name" : "62828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62828" - }, - { - "name" : "jasper-cve20149029-bo(99125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141204 [oCERT-2014-009] JasPer input sanitization errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/12/04/9" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2014-009.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2014-009.html" + }, + { + "name": "jasper-cve20149029-bo(99125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99125" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0514.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0514.html" + }, + { + "name": "USN-2434-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2434-1" + }, + { + "name": "USN-2434-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2434-2" + }, + { + "name": "71476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71476" + }, + { + "name": "MDVSA-2014:247", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:247" + }, + { + "name": "61747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61747" + }, + { + "name": "62828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62828" + }, + { + "name": "20141204 [oCERT-2014-009] JasPer input sanitization errors", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534153/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html" + }, + { + "name": "RHSA-2015:0698", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1167537", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167537" + }, + { + "name": "RHSA-2014:2021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-2021.html" + }, + { + "name": "DSA-3089", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3089" + }, + { + "name": "SSA:2015-302-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606" + }, + { + "name": "MDVSA-2015:159", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9187.json b/2014/9xxx/CVE-2014-9187.json index 71801639a01..57b043a1f3d 100644 --- a/2014/9xxx/CVE-2014-9187.json +++ b/2014/9xxx/CVE-2014-9187.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9187", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9187", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9786.json b/2014/9xxx/CVE-2014-9786.json index ff259176c22..784131b1d0a 100644 --- a/2014/9xxx/CVE-2014-9786.json +++ b/2014/9xxx/CVE-2014-9786.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2fb303d9c6ca080f253b10ed9384293ca69ad32b", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2fb303d9c6ca080f253b10ed9384293ca69ad32b" - }, - { - "name" : "91628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91628" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2fb303d9c6ca080f253b10ed9384293ca69ad32b", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2fb303d9c6ca080f253b10ed9384293ca69ad32b" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2021.json b/2016/2xxx/CVE-2016-2021.json index 1cb4137f877..2fe5cdff332 100644 --- a/2016/2xxx/CVE-2016-2021.json +++ b/2016/2xxx/CVE-2016-2021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2351.json b/2016/2xxx/CVE-2016-2351.json index 1a07328c4f4..8a0a73f03cd 100644 --- a/2016/2xxx/CVE-2016-2351.json +++ b/2016/2xxx/CVE-2016-2351.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/", - "refsource" : "MISC", - "url" : "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/" - }, - { - "name" : "VU#505560", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/505560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/", + "refsource": "MISC", + "url": "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/" + }, + { + "name": "VU#505560", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/505560" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2493.json b/2016/2xxx/CVE-2016-2493.json index ec2ea4f26ea..0fab59d473c 100644 --- a/2016/2xxx/CVE-2016-2493.json +++ b/2016/2xxx/CVE-2016-2493.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2753.json b/2016/2xxx/CVE-2016-2753.json index 669e4c6298c..e439d570bbe 100644 --- a/2016/2xxx/CVE-2016-2753.json +++ b/2016/2xxx/CVE-2016-2753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2753", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2753", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2838.json b/2016/2xxx/CVE-2016-2838.json index f7c2f164b53..1835b565ff8 100644 --- a/2016/2xxx/CVE-2016-2838.json +++ b/2016/2xxx/CVE-2016-2838.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-64.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-64.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1279814", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1279814" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3640", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3640" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "RHSA-2016:1551", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1551.html" - }, - { - "name" : "openSUSE-SU-2016:1964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:2026", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html" - }, - { - "name" : "USN-3044-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3044-1" - }, - { - "name" : "92261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92261" - }, - { - "name" : "1036508", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3640", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3640" + }, + { + "name": "1036508", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036508" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "USN-3044-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3044-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-64.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-64.html" + }, + { + "name": "RHSA-2016:1551", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1279814", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1279814" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "openSUSE-SU-2016:1964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html" + }, + { + "name": "92261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92261" + }, + { + "name": "openSUSE-SU-2016:2026", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3719.json b/2016/3xxx/CVE-2016-3719.json index 8aee31936f4..60008f97704 100644 --- a/2016/3xxx/CVE-2016-3719.json +++ b/2016/3xxx/CVE-2016-3719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3719", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3719", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6063.json b/2016/6xxx/CVE-2016-6063.json index 7552f539a3b..53a014ad39f 100644 --- a/2016/6xxx/CVE-2016-6063.json +++ b/2016/6xxx/CVE-2016-6063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6227.json b/2016/6xxx/CVE-2016-6227.json index 699a77197d2..2aa23ff5b0d 100644 --- a/2016/6xxx/CVE-2016-6227.json +++ b/2016/6xxx/CVE-2016-6227.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6227", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6227", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6305.json b/2016/6xxx/CVE-2016-6305.json index 11cf215cf4d..43e7f4e7630 100644 --- a/2016/6xxx/CVE-2016-6305.json +++ b/2016/6xxx/CVE-2016-6305.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9" - }, - { - "name" : "https://github.com/openssl/openssl/issues/1563", - "refsource" : "CONFIRM", - "url" : "https://github.com/openssl/openssl/issues/1563" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160922.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160922.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa132", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa132" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-16", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-16" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "GLSA-201612-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-16" - }, - { - "name" : "93149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93149" - }, - { - "name" : "1036879", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openssl.org/news/secadv/20160922.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160922.txt" + }, + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1036879", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036879" + }, + { + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "93149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93149" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "https://github.com/openssl/openssl/issues/1563", + "refsource": "CONFIRM", + "url": "https://github.com/openssl/openssl/issues/1563" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa132", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa132" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6306.json b/2016/6xxx/CVE-2016-6306.json index f390d403765..7f893330803 100644 --- a/2016/6xxx/CVE-2016-6306.json +++ b/2016/6xxx/CVE-2016-6306.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" - }, - { - "name" : "https://www.openssl.org/news/secadv/20160922.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20160922.txt" - }, - { - "name" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa132", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa132" - }, - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-16", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-16" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-20", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-20" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" - }, - { - "name" : "FreeBSD-SA-16:26", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" - }, - { - "name" : "GLSA-201612-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-16" - }, - { - "name" : "RHSA-2016:1940", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1940.html" - }, - { - "name" : "RHSA-2018:2185", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2185" - }, - { - "name" : "RHSA-2018:2186", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2186" - }, - { - "name" : "RHSA-2018:2187", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2187" - }, - { - "name" : "SUSE-SU-2016:2470", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" - }, - { - "name" : "93153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93153" - }, - { - "name" : "1036885", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openssl.org/news/secadv/20160922.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20160922.txt" + }, + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, + { + "name": "RHSA-2018:2185", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2185" + }, + { + "name": "RHSA-2018:2186", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2186" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "93153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93153" + }, + { + "name": "RHSA-2016:1940", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "GLSA-201612-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-16" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" + }, + { + "name": "1036885", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036885" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" + }, + { + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa132", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa132" + }, + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "FreeBSD-SA-16:26", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" + }, + { + "name": "SUSE-SU-2016:2470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" + }, + { + "name": "RHSA-2018:2187", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2187" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6586.json b/2016/6xxx/CVE-2016-6586.json index 9e864f3697f..23421df4abb 100644 --- a/2016/6xxx/CVE-2016-6586.json +++ b/2016/6xxx/CVE-2016-6586.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6586", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6586", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7002.json b/2016/7xxx/CVE-2016-7002.json index 6b4ce8a24ab..73f09ded5a9 100644 --- a/2016/7xxx/CVE-2016-7002.json +++ b/2016/7xxx/CVE-2016-7002.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7253.json b/2016/7xxx/CVE-2016-7253.json index 527fb0648bf..0a120b279e0 100644 --- a/2016/7xxx/CVE-2016-7253.json +++ b/2016/7xxx/CVE-2016-7253.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka \"SQL Server Agent Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-136", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" - }, - { - "name" : "94056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94056" - }, - { - "name" : "1037250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka \"SQL Server Agent Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037250" + }, + { + "name": "MS16-136", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136" + }, + { + "name": "94056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94056" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7461.json b/2016/7xxx/CVE-2016-7461.json index bf26c12dad5..6fe45468cca 100644 --- a/2016/7xxx/CVE-2016-7461.json +++ b/2016/7xxx/CVE-2016-7461.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2016-7461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2016-7461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2016-0019.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2016-0019.html" - }, - { - "name" : "94280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94280" - }, - { - "name" : "1037282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94280" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html" + }, + { + "name": "1037282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037282" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7641.json b/2016/7xxx/CVE-2016-7641.json index ce89cc84230..0c757429d89 100644 --- a/2016/7xxx/CVE-2016-7641.json +++ b/2016/7xxx/CVE-2016-7641.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94907" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "94907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94907" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7978.json b/2016/7xxx/CVE-2016-7978.json index 218066020c3..25f51423e20 100644 --- a/2016/7xxx/CVE-2016-7978.json +++ b/2016/7xxx/CVE-2016-7978.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161005 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/05/15" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697179", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697179" - }, - { - "name" : "DSA-3691", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3691" - }, - { - "name" : "GLSA-201702-31", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-31" - }, - { - "name" : "RHSA-2017:0013", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0013.html" - }, - { - "name" : "95336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3691", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3691" + }, + { + "name": "95336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95336" + }, + { + "name": "RHSA-2017:0013", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697179", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697179" + }, + { + "name": "[oss-security] 20161005 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/05/15" + }, + { + "name": "GLSA-201702-31", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-31" + } + ] + } +} \ No newline at end of file