From 2f69dc0fcc7b5026b0cac2c62e20d3be942d68b5 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 05:49:48 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0156.json | 180 +++++++--------
 2006/0xxx/CVE-2006-0178.json | 140 ++++++------
 2006/0xxx/CVE-2006-0198.json | 150 ++++++-------
 2006/0xxx/CVE-2006-0807.json | 220 +++++++++---------
 2006/1xxx/CVE-2006-1103.json | 160 ++++++-------
 2006/1xxx/CVE-2006-1204.json | 200 ++++++++---------
 2006/1xxx/CVE-2006-1404.json | 170 +++++++-------
 2006/1xxx/CVE-2006-1771.json | 170 +++++++-------
 2006/3xxx/CVE-2006-3355.json | 150 ++++++-------
 2006/4xxx/CVE-2006-4776.json | 230 +++++++++----------
 2006/5xxx/CVE-2006-5518.json | 200 ++++++++---------
 2010/2xxx/CVE-2010-2053.json | 230 +++++++++----------
 2010/2xxx/CVE-2010-2285.json | 250 ++++++++++-----------
 2010/2xxx/CVE-2010-2327.json | 160 ++++++-------
 2010/2xxx/CVE-2010-2459.json | 160 ++++++-------
 2010/2xxx/CVE-2010-2484.json | 200 ++++++++---------
 2010/2xxx/CVE-2010-2994.json | 190 ++++++++--------
 2010/3xxx/CVE-2010-3039.json | 190 ++++++++--------
 2010/3xxx/CVE-2010-3356.json | 34 +--
 2010/3xxx/CVE-2010-3475.json | 200 ++++++++---------
 2010/3xxx/CVE-2010-3651.json | 34 +--
 2010/4xxx/CVE-2010-4238.json | 200 ++++++++---------
 2010/4xxx/CVE-2010-4715.json | 160 ++++++-------
 2010/4xxx/CVE-2010-4722.json | 120 +++++-----
 2010/4xxx/CVE-2010-4784.json | 180 +++++++--------
 2010/4xxx/CVE-2010-4798.json | 140 ++++++------
 2010/4xxx/CVE-2010-4875.json | 170 +++++++-------
 2011/1xxx/CVE-2011-1002.json | 420 +++++++++++++++++------------------
 2011/1xxx/CVE-2011-1659.json | 240 ++++++++++----------
 2011/5xxx/CVE-2011-5163.json | 180 +++++++--------
 2014/3xxx/CVE-2014-3347.json | 160 ++++++-------
 2014/3xxx/CVE-2014-3403.json | 120 +++++-----
 2014/3xxx/CVE-2014-3716.json | 160 ++++++-------
 2014/3xxx/CVE-2014-3727.json | 34 +--
 2014/7xxx/CVE-2014-7454.json | 140 ++++++------
 2014/8xxx/CVE-2014-8057.json | 34 +--
 2014/8xxx/CVE-2014-8200.json | 34 +--
 2014/8xxx/CVE-2014-8422.json | 130 +++++------
 2014/8xxx/CVE-2014-8487.json | 130 +++++------
 2014/8xxx/CVE-2014-8577.json | 200 ++++++++---------
 2014/9xxx/CVE-2014-9405.json | 34 +--
 2014/9xxx/CVE-2014-9461.json | 140 ++++++------
 2014/9xxx/CVE-2014-9711.json | 220 +++++++++---------
 2014/9xxx/CVE-2014-9905.json | 170 +++++++-------
 2016/2xxx/CVE-2016-2295.json | 130 +++++------
 2016/2xxx/CVE-2016-2445.json | 120 +++++-----
 2016/6xxx/CVE-2016-6200.json | 34 +--
 2016/6xxx/CVE-2016-6665.json | 34 +--
 2016/7xxx/CVE-2016-7014.json | 140 ++++++------
 2016/7xxx/CVE-2016-7326.json | 34 +--
 2016/7xxx/CVE-2016-7867.json | 200 ++++++++---------
 2016/7xxx/CVE-2016-7897.json | 34 +--
 2017/5xxx/CVE-2017-5098.json | 170 +++++++-------
 2017/5xxx/CVE-2017-5810.json | 142 ++++++------
 54 files changed, 4086 insertions(+), 4086 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0156.json b/2006/0xxx/CVE-2006-0156.json
index e30e2b1301b..f60ba2ac785 100644
--- a/2006/0xxx/CVE-2006-0156.json
+++ b/2006/0xxx/CVE-2006-0156.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060109 [eVuln] Foxrum BBCode XSS Vulnerabilty", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421277/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/20", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/20" - }, - { - "name" : "16172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16172" - }, - { - "name" : "ADV-2006-0121", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0121" - }, - { - "name" : "18386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18386" - }, - { - "name" : "325", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/325" - }, - { - "name" : 
"foxrum-bbcode-xss(24043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16172" + }, + { + "name": "http://evuln.com/vulns/20", + "refsource": "MISC", + "url": "http://evuln.com/vulns/20" + }, + { + "name": "325", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/325" + }, + { + "name": "foxrum-bbcode-xss(24043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24043" + }, + { + "name": "ADV-2006-0121", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0121" + }, + { + "name": "20060109 [eVuln] Foxrum BBCode XSS Vulnerabilty", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421277/100/0/threaded" + }, + { + "name": "18386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18386" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0178.json b/2006/0xxx/CVE-2006-0178.json index f11d4113b9f..b9761a8b432 100644 --- a/2006/0xxx/CVE-2006-0178.json +++ b/2006/0xxx/CVE-2006-0178.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060110 SUID root overflows in UNICOS and partial shellcode", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html" - }, - { - "name" : "16205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16205" - }, - { - "name" : "unicos-ftp-format-string(24277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16205" + }, + { + "name": "unicos-ftp-format-string(24277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24277" + }, + { + "name": "20060110 SUID root overflows in UNICOS and partial shellcode", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0198.json b/2006/0xxx/CVE-2006-0198.json index 94563606262..346aaf3b7f1 100644 --- a/2006/0xxx/CVE-2006-0198.json +++ b/2006/0xxx/CVE-2006-0198.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060107 Xoops Pool Module IMG Tag Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421325/100/0/threaded" - }, - { - "name" : "http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=45637&forum=2&post_id=200481", - "refsource" : "MISC", - "url" : "http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=45637&forum=2&post_id=200481" - }, - { - "name" : "16189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16189" - }, - { - "name" : "xoops-pool-imagetag-xss(24091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24091" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xoops-pool-imagetag-xss(24091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24091" + }, + { + "name": "16189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16189" + }, + { + "name": "http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=45637&forum=2&post_id=200481", + "refsource": "MISC", + "url": "http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=45637&forum=2&post_id=200481" + }, + { + "name": "20060107 Xoops Pool Module IMG Tag Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421325/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0807.json b/2006/0xxx/CVE-2006-0807.json index 6c70634388b..72c1920a744 100644 --- a/2006/0xxx/CVE-2006-0807.json +++ b/2006/0xxx/CVE-2006-0807.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060220 Secunia Research: NJStar Word Processor Font Name Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425498/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-5/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-5/advisory/" - }, - { - "name" : "http://www.njstar.com/njstar/chinese/", - "refsource" : "CONFIRM", - "url" : "http://www.njstar.com/njstar/chinese/" - }, - { - "name" : "http://www.njstar.com/njstar/japanese/", - "refsource" : "CONFIRM", - "url" : "http://www.njstar.com/njstar/japanese/" - }, - { - "name" : "16737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16737" - }, 
- { - "name" : "ADV-2006-0670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0670" - }, - { - "name" : "23354", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23354" - }, - { - "name" : "1015649", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015649" - }, - { - "name" : "18702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18702" - }, - { - "name" : "461", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/461" - }, - { - "name" : "njstar-font-name-bo(24773)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0670" + }, + { + "name": "njstar-font-name-bo(24773)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24773" + }, + { + "name": "http://www.njstar.com/njstar/chinese/", + "refsource": "CONFIRM", + "url": "http://www.njstar.com/njstar/chinese/" + }, + { + "name": "18702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18702" + }, + { + "name": "461", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/461" + }, + { + "name": "http://www.njstar.com/njstar/japanese/", + "refsource": "CONFIRM", + "url": "http://www.njstar.com/njstar/japanese/" + }, + { + "name": "16737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16737" + }, + { + "name": "23354", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23354" + }, + { + "name": "http://secunia.com/secunia_research/2006-5/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-5/advisory/" + }, + { + "name": "20060220 Secunia Research: NJStar Word Processor Font Name Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425498/100/0/threaded" + }, + { + "name": "1015649", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015649" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1103.json b/2006/1xxx/CVE-2006-1103.json index f54f2c75908..cd1815f6dd6 100644 --- a/2006/1xxx/CVE-2006-1103.json +++ b/2006/1xxx/CVE-2006-1103.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060306 Multiple vulnerabilities in Sauerbraten engine 2006_02_28", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426865/100/0/threaded" - }, - { - "name" : "16986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16986" - }, - { - "name" : "ADV-2006-0848", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0848" - }, - { - "name" : "550", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/550" - }, - { - "name" : "sauerbraten-engineserver-dos(25087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25087" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sauerbraten-engineserver-dos(25087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25087" + }, + { + "name": "16986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16986" + }, + { + "name": "20060306 Multiple vulnerabilities in Sauerbraten engine 2006_02_28", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426865/100/0/threaded" + }, + { + "name": "550", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/550" + }, + { + "name": "ADV-2006-0848", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0848" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1204.json b/2006/1xxx/CVE-2006-1204.json index db7d0824914..3a7895c44b6 100644 --- a/2006/1xxx/CVE-2006-1204.json +++ b/2006/1xxx/CVE-2006-1204.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 txtForum: Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427186/100/0/threaded" - }, - { - "name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-003.txt", - "refsource" : "MISC", - "url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-003.txt" - }, - { - "name" : "17054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17054" - }, - { - "name" : "23953", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23953" - }, - { - "name" : "23954", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23954" - }, - { - "name" : "23955", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23955" - }, - { - "name" : "23956", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23956" - }, - { - "name" : "23957", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23957" - }, - { - "name" : "txtforum-multiple-xss(25132)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) 
r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23957", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23957" + }, + { + "name": "17054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17054" + }, + { + "name": "23953", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23953" + }, + { + "name": "23956", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23956" + }, + { + "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-003.txt", + "refsource": "MISC", + "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-003.txt" + }, + { + "name": "23955", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23955" + }, + { + "name": "txtforum-multiple-xss(25132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25132" + }, + { + "name": "23954", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23954" + }, + { + "name": "20060309 txtForum: Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427186/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1404.json b/2006/1xxx/CVE-2006-1404.json index 97434ef001b..93bfb60f011 100644 --- a/2006/1xxx/CVE-2006-1404.json +++ b/2006/1xxx/CVE-2006-1404.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/blankol-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/blankol-xss-vuln.html" - }, - { - "name" : "17265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17265" - }, - { - "name" : "ADV-2006-1111", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1111" - }, - { - "name" : "24124", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24124" - }, - { - "name" : "19387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19387" - }, - { - "name" : "blankol-bol-xss(25488)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25488" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "blankol-bol-xss(25488)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25488" + }, + { + "name": "ADV-2006-1111", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1111" + }, + { + "name": "24124", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24124" + }, + { + "name": "19387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19387" + }, + { + "name": "17265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17265" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/blankol-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/blankol-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1771.json b/2006/1xxx/CVE-2006-1771.json index c56747f96a7..01070991d60 100644 --- a/2006/1xxx/CVE-2006-1771.json +++ b/2006/1xxx/CVE-2006-1771.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 SAXoPRESS - directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430707/100/0/threaded" - }, - { - "name" : "20060412 Re: SAXoPRESS - directory traversal aka Saxotech Online", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431037/30/5580/threaded" - }, - { - "name" : "17474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17474" - }, - { - "name" : "ADV-2006-1327", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1327" - }, - { - "name" : "19566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19566" - }, - { - "name" 
: "saxopress-pbcs-directory-traversal(25768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1327", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1327" + }, + { + "name": "20060412 Re: SAXoPRESS - directory traversal aka Saxotech Online", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431037/30/5580/threaded" + }, + { + "name": "17474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17474" + }, + { + "name": "19566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19566" + }, + { + "name": "saxopress-pbcs-directory-traversal(25768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25768" + }, + { + "name": "20060411 SAXoPRESS - directory traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430707/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3355.json b/2006/3xxx/CVE-2006-3355.json index 31b8a8ef487..7eca757aa9e 100644 --- a/2006/3xxx/CVE-2006-3355.json +++ b/2006/3xxx/CVE-2006-3355.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=133988", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=133988" - }, - { - "name" : "GLSA-200607-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200607-01.xml" - }, - { - "name" : "18794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18794" - }, - { - "name" : "20937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18794" + }, + { + "name": "GLSA-200607-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200607-01.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=133988", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=133988" + }, + { + "name": "20937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20937" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4776.json b/2006/4xxx/CVE-2006-4776.json index 458a39f47d4..822afd57289 100644 --- a/2006/4xxx/CVE-2006-4776.json +++ b/2006/4xxx/CVE-2006-4776.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060913 Cisco IOS VTP issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445896/100/0/threaded" - }, - { - "name" : "20060913 Re: Cisco IOS VTP issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445938/100/0/threaded" - }, - { - "name" : "http://www.phenoelit.de/stuff/CiscoVTP.txt", - "refsource" : "MISC", - "url" : "http://www.phenoelit.de/stuff/CiscoVTP.txt" - }, - { - "name" : "20060913 Cisco VLAN Trunking Protocol Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml" - }, - { - "name" : "VU#542108", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542108" 
- }, - { - "name" : "19998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19998" - }, - { - "name" : "ADV-2006-3600", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3600" - }, - { - "name" : "ADV-2006-3601", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3601" - }, - { - "name" : "28777", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28777" - }, - { - "name" : "1016843", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016843" - }, - { - "name" : "21896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21896" - }, - { - "name" : "cisco-ios-vtp-vlan-name-bo(28927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#542108", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542108" + }, + { + "name": "ADV-2006-3601", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3601" + }, + { + "name": "http://www.phenoelit.de/stuff/CiscoVTP.txt", + "refsource": "MISC", + "url": "http://www.phenoelit.de/stuff/CiscoVTP.txt" + }, + { + "name": "21896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21896" + }, + { + "name": "19998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19998" + }, + { + "name": "20060913 Cisco VLAN Trunking Protocol Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml" + }, + { + "name": "1016843", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016843" + }, + { + "name": "20060913 Re: Cisco IOS VTP issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445938/100/0/threaded" + }, + { + "name": "28777", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28777" + }, + { + "name": "cisco-ios-vtp-vlan-name-bo(28927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28927" + }, + { + "name": "ADV-2006-3600", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3600" + }, + { + "name": "20060913 Cisco IOS VTP issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445896/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5518.json b/2006/5xxx/CVE-2006-5518.json index 18d9868bb18..8a62ca00464 100644 --- a/2006/5xxx/CVE-2006-5518.json +++ b/2006/5xxx/CVE-2006-5518.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2605", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2605" - }, - { - "name" : "20654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20654" - }, - { - "name" : "ADV-2006-4146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4146" - }, - { - "name" : "29935", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29935" - }, - { - "name" : "29936", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29936" - }, - { - "name" : "29937", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29937" - }, - { - "name" : "29938", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29938" - }, - { - "name" : "22496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22496" - }, - { - "name" : "rssonate-project-file-include(29703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2605", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2605" + }, + { + "name": "ADV-2006-4146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4146" + }, + { + "name": "20654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20654" + }, + { + "name": "22496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22496" + }, + { + "name": "29935", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29935" + }, + { + "name": "29937", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29937" + }, + { + "name": "29938", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29938" + }, + { + "name": "29936", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29936" + }, + { + "name": "rssonate-project-file-include(29703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29703" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2053.json b/2010/2xxx/CVE-2010-2053.json index 036105f6dbd..49e9bf12921 100644 --- a/2010/2xxx/CVE-2010-2053.json +++ b/2010/2xxx/CVE-2010-2053.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100529 Fwd: emesene preditable temporary filename", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127514641525366&w=2" - }, - { - "name" : "http://forum.emesene.org/index.php?topic=3441.0", - "refsource" : "CONFIRM", - "url" : "http://forum.emesene.org/index.php?topic=3441.0" - }, - { - "name" : "http://www.emesene.org/", - "refsource" : "CONFIRM", - "url" : "http://www.emesene.org/" - }, - { - "name" : "FEDORA-2010-9679", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042725.html" - }, - { - "name" : "FEDORA-2010-9692", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042699.html" - }, - { - "name" : 
"FEDORA-2010-9696", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042683.html" - }, - { - "name" : "40455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40455" - }, - { - "name" : "65018", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65018" - }, - { - "name" : "39945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39945" - }, - { - "name" : "40115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40115" - }, - { - "name" : "ADV-2010-1423", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1423" - }, - { - "name" : "emesene-emsnpic-symlink(59045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-9692", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042699.html" + }, + { + "name": "FEDORA-2010-9679", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042725.html" + }, + { + "name": "39945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39945" + }, + { + "name": "[oss-security] 20100529 Fwd: emesene preditable temporary filename", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127514641525366&w=2" + }, + { + "name": "40115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40115" + }, + { + "name": "emesene-emsnpic-symlink(59045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59045" + }, + { + "name": "40455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40455" + }, + { + "name": "ADV-2010-1423", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1423" + }, + { + "name": "FEDORA-2010-9696", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042683.html" + }, + { + "name": "65018", + "refsource": "OSVDB", + "url": "http://osvdb.org/65018" + }, + { + "name": "http://forum.emesene.org/index.php?topic=3441.0", + "refsource": "CONFIRM", + "url": "http://forum.emesene.org/index.php?topic=3441.0" + }, + { + "name": "http://www.emesene.org/", + "refsource": "CONFIRM", + "url": "http://www.emesene.org/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2285.json b/2010/2xxx/CVE-2010-2285.json index 08e0cbaea06..2eda233eb23 100644 --- a/2010/2xxx/CVE-2010-2285.json +++ b/2010/2xxx/CVE-2010-2285.json 
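Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only value in the record that differs. The description and all twelve references are the same on both sides; only spacing and order change. The commit subject is just "-Synchronized-Data.", and the other hunks visible here keep `cve@mitre.org`, so this provenance change is easy to miss among the formatting noise. Consider putting it in a separate commit, or naming it in the message, for example `CVE-2010-2053: ASSIGNER cve@mitre.org -> secalert@redhat.com`. Anyone who tracks the assigning CNA should compare the parsed JSON of old and new revisions rather than the text diff.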
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100610 CVE request for new wireshark vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/11/1" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-05.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-06.html" - }, - { - "name" : "MDVSA-2010:113", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:113" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "40728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40728" - }, - { - "name" : "oval:org.mitre.oval:def:11488", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11488" - }, - { - "name" : "40112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40112" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1418" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-05.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-05.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-06.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-06.html" + }, + { + "name": "[oss-security] 20100610 CVE request for new wireshark vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/11/1" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + }, + { + "name": "40112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40112" + }, + { + "name": "40728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40728" + }, + { + "name": "ADV-2010-1418", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1418" + }, + { + "name": "oval:org.mitre.oval:def:11488", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11488" + }, + { + "name": "MDVSA-2010:113", + "refsource": 
"MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:113" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2327.json b/2010/2xxx/CVE-2010-2327.json index 634b9f53ed8..026d6efdd45 100644 --- a/2010/2xxx/CVE-2010-2327.json +++ b/2010/2xxx/CVE-2010-2327.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM10270", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10270" - }, - { - "name" : "PM15830", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830" - }, - { - "name" : "65439", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65439" - }, - { - "name" : "40096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40096" - }, - { - "name" : "ADV-2010-1411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1411" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1411" + }, + { + "name": "PM10270", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10270" + }, + { + "name": "65439", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65439" + }, + { + "name": "PM15830", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830" + }, + { + "name": "40096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40096" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2459.json b/2010/2xxx/CVE-2010-2459.json index 5698cc59b65..118b3748f94 100644 --- a/2010/2xxx/CVE-2010-2459.json +++ b/2010/2xxx/CVE-2010-2459.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13970", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13970" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/2daybizvcp-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/2daybizvcp-sql.txt" - }, - { - "name" : "41022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41022" - }, - { - "name" : "65810", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65810" - }, - { - "name" : "videocommportal-video-sql-injection(59638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13970", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13970" + }, + { + "name": "videocommportal-video-sql-injection(59638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59638" + }, + { + "name": "65810", + "refsource": "OSVDB", + "url": "http://osvdb.org/65810" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/2daybizvcp-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/2daybizvcp-sql.txt" + }, + { + "name": "41022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41022" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2484.json b/2010/2xxx/CVE-2010-2484.json index 88ae5c2aed1..23f9014931e 100644 --- a/2010/2xxx/CVE-2010-2484.json +++ b/2010/2xxx/CVE-2010-2484.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/releases/5_2_14.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_14.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=619324", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=619324" - }, - { - "name" : "http://support.apple.com/kb/HT4312", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4312" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-08-24-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "http://www.php.net/releases/5_2_14.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_14.php" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "APPLE-SA-2010-08-24-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=619324", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=619324" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "http://support.apple.com/kb/HT4312", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4312" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2994.json b/2010/2xxx/CVE-2010-2994.json index e12cc10799a..0a5b25e2c8e 100644 --- a/2010/2xxx/CVE-2010-2994.json +++ b/2010/2xxx/CVE-2010-2994.json 
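Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this CVE-2010-2484 hunk, yet every other changed line only rewrites `" : "` as `": "`, re-indents, or reorders `reference_data`, so the one substantive change is easy to miss. The same applies to the CVE-2010-3039 hunk (new value `psirt@cisco.com`) and the CVE-2010-4238 hunk (new value `secalert@redhat.com`). Anything downstream that attributes, filters or trusts records by assigner will see these three IDs move to a different CNA with no record of why. I would land the re-serialization separately from the assigner updates, or at least add a line to the commit message such as `ASSIGNER updated: CVE-2010-2484, CVE-2010-3039, CVE-2010-4238`.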
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:12047", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12047" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + }, + { + "name": "oval:org.mitre.oval:def:12047", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12047" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3039.json b/2010/3xxx/CVE-2010-3039.json index 5eab233806a..0896b3bedc9 100644 --- a/2010/3xxx/CVE-2010-3039.json +++ b/2010/3xxx/CVE-2010-3039.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101105 nSense-2010-003: Cisco Unified Communications Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514668/100/0/threaded" - }, - { - "name" : "20101105 nSense-2010-003: Cisco Unified Communications Manager", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Nov/40" - }, - { - "name" : "http://www.nsense.fi/advisories/nsense_2010_003.txt", - "refsource" : "MISC", - "url" : "http://www.nsense.fi/advisories/nsense_2010_003.txt" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656", - "refsource" : "CONFIRM", - 
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656" - }, - { - "name" : "44672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44672" - }, - { - "name" : "1024694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024694" - }, - { - "name" : "42129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42129" - }, - { - "name" : "ADV-2010-2915", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656" + }, + { + "name": "44672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44672" + }, + { + "name": "20101105 nSense-2010-003: Cisco Unified Communications Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514668/100/0/threaded" + }, + { + "name": "1024694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024694" + }, + { + "name": "http://www.nsense.fi/advisories/nsense_2010_003.txt", + "refsource": "MISC", + "url": "http://www.nsense.fi/advisories/nsense_2010_003.txt" + }, + { + "name": "42129", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/42129" + }, + { + "name": "20101105 nSense-2010-003: Cisco Unified Communications Manager", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Nov/40" + }, + { + "name": "ADV-2010-2915", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2915" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3356.json b/2010/3xxx/CVE-2010-3356.json index cfd9a64110b..306775292aa 100644 --- a/2010/3xxx/CVE-2010-3356.json +++ b/2010/3xxx/CVE-2010-3356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3475.json b/2010/3xxx/CVE-2010-3475.json index 79597258b85..6deed4debdc 100644 --- a/2010/3xxx/CVE-2010-3475.json +++ b/2010/3xxx/CVE-2010-3475.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21446455", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21446455" - }, - { - "name" : "IC70406", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406" - }, - { - "name" : "43291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43291" - }, - { - "name" : "68122", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/68122" - }, - { - "name" : "oval:org.mitre.oval:def:14609", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609" - }, - { - "name" : "1024458", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024458" - }, - { - "name" : "41444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41444" - }, - { - "name" : "ADV-2010-2425", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2425" - }, - { - "name" : "ibm-db2-sql-security-bypass(61873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43291" + }, + { + "name": "ADV-2010-2425", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2425" + }, + { + "name": "ibm-db2-sql-security-bypass(61873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61873" + }, + { + "name": "41444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41444" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21446455", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21446455" + }, + { + "name": "IC70406", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406" + }, + { + "name": "68122", + "refsource": "OSVDB", + "url": "http://osvdb.org/68122" + }, + { + "name": "oval:org.mitre.oval:def:14609", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14609" + }, + { + "name": "1024458", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024458" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3651.json b/2010/3xxx/CVE-2010-3651.json index 0b03dbf9e4e..680b693098c 100644 --- a/2010/3xxx/CVE-2010-3651.json +++ b/2010/3xxx/CVE-2010-3651.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3651", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3651", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4238.json b/2010/4xxx/CVE-2010-4238.json index 3b8c48de43b..ff5355edf81 100644 --- a/2010/4xxx/CVE-2010-4238.json +++ b/2010/4xxx/CVE-2010-4238.json 
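Review bot: The new side of this CVE-2010-3651 record is serialized in a different key order from the other records in view: `data_type`, `data_format`, `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`. The CVE-2010-3356 hunk, also an 18-line record, keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in alphabetical order. JSON key order carries no meaning, but it looks as if this record went through a different writer (to be confirmed), and mixed orderings make later sync diffs noisy and break any byte-level comparison or hashing of records. Emitting every record through one serializer with sorted keys would keep the output canonical.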
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517", - "refsource" : "MISC", - "url" : "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=655623", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=655623" - }, - { - "name" : 
"http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "RHSA-2011:0017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0017.html" - }, - { - "name" : "45795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45795" - }, - { - "name" : "42884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42884" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "xen-vdbcreate-dos(64698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517", + "refsource": "MISC", + "url": "http://bugs.centos.org/bug_view_advanced_page.php?bug_id=4517" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=655623", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=655623" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "RHSA-2011:0017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "42884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42884" + }, + { + "name": "45795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45795" + }, + { + "name": "xen-vdbcreate-dos(64698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64698" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4715.json b/2010/4xxx/CVE-2010-4715.json index 48949ef7a8b..1ec73c871a9 100644 --- a/2010/4xxx/CVE-2010-4715.json +++ b/2010/4xxx/CVE-2010-4715.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.facebook.com/note.php?note_id=477865030928", - "refsource" : "CONFIRM", - "url" : "http://www.facebook.com/note.php?note_id=477865030928" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007156&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7007156&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=638644", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=638644" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=638646", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.novell.com/show_bug.cgi?id=638646" - }, - { - "name" : "40820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40820" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=638646", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=638646" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007156&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007156&sliceId=1" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=638644", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=638644" + }, + { + "name": "http://www.facebook.com/note.php?note_id=477865030928", + "refsource": "CONFIRM", + "url": "http://www.facebook.com/note.php?note_id=477865030928" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4722.json b/2010/4xxx/CVE-2010-4722.json index 0df41cf6deb..8eb9de488bd 100644 --- a/2010/4xxx/CVE-2010-4722.json +++ b/2010/4xxx/CVE-2010-4722.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", - "refsource" : "CONFIRM", - "url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", + "refsource": "CONFIRM", + "url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4784.json b/2010/4xxx/CVE-2010-4784.json index d0f5dcc7f97..178fa8d9e5a 100644 --- a/2010/4xxx/CVE-2010-4784.json +++ b/2010/4xxx/CVE-2010-4784.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514908/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/147/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/147/summary.html" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt" - }, - { - "name" : "45066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45066" - }, - { - "name" : "69511", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/69511" - }, - { - "name" : "42316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42316" - }, - { - "name" : "8184", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://evuln.com/vulns/147/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/147/summary.html" + }, + { + "name": "45066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45066" + }, + { + "name": "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514908/100/0/threaded" + }, + { + "name": "42316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42316" + }, + { + "name": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt" + }, + { + "name": "69511", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69511" + }, + { + "name": "8184", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8184" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4798.json b/2010/4xxx/CVE-2010-4798.json index 4c87a9a7bd1..d86fa4388f2 100644 --- a/2010/4xxx/CVE-2010-4798.json +++ b/2010/4xxx/CVE-2010-4798.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15232", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15232" - }, - { - "name" : "43905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43905" - }, - { - "name" : "orangehrm-index-file-include(62388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "orangehrm-index-file-include(62388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62388" + }, + { + "name": "43905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43905" + }, + { + "name": "15232", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15232" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4875.json b/2010/4xxx/CVE-2010-4875.json index 4a0fe6acb14..af06638e4c7 100644 --- a/2010/4xxx/CVE-2010-4875.json +++ b/2010/4xxx/CVE-2010-4875.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1011-exploits/wpvodpod-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1011-exploits/wpvodpod-xss.txt" - }, - { - "name" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Vodpod.Video.Gallery.3.1.5.Reflected.Cross-site.Scripting/58", - "refsource" : "MISC", - "url" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Vodpod.Video.Gallery.3.1.5.Reflected.Cross-site.Scripting/58" - }, - { - "name" : "69084", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69084" - }, - { - "name" : "42195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42195" - }, - { - "name" : "8431", - "refsource" : "SREASON", - 
"url" : "http://securityreason.com/securityalert/8431" - }, - { - "name" : "vodpod-gid-xss(63057)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42195" + }, + { + "name": "vodpod-gid-xss(63057)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63057" + }, + { + "name": "http://www.johnleitch.net/Vulnerabilities/WordPress.Vodpod.Video.Gallery.3.1.5.Reflected.Cross-site.Scripting/58", + "refsource": "MISC", + "url": "http://www.johnleitch.net/Vulnerabilities/WordPress.Vodpod.Video.Gallery.3.1.5.Reflected.Cross-site.Scripting/58" + }, + { + "name": "8431", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8431" + }, + { + "name": "http://packetstormsecurity.org/1011-exploits/wpvodpod-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1011-exploits/wpvodpod-xss.txt" + }, + { + "name": "69084", + "refsource": "OSVDB", + "url": "http://osvdb.org/69084" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1002.json b/2011/1xxx/CVE-2011-1002.json index 07b9c10ca5b..ca9f081ff8d 100644 --- a/2011/1xxx/CVE-2011-1002.json +++ b/2011/1xxx/CVE-2011-1002.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/18/1" - }, - { - "name" : "[oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/18/4" - }, - { - "name" : "[oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/22/9" - }, - { - "name" : 
"http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/" - }, - { - "name" : "http://avahi.org/ticket/325", - "refsource" : "CONFIRM", - "url" : "http://avahi.org/ticket/325" - }, - { - "name" : "http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6", - "refsource" : "CONFIRM", - "url" : "http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667187", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667187" - }, - { - "name" : "DSA-2174", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2174" - }, - { - "name" : "FEDORA-2011-3033", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html" - }, - { - "name" : "MDVSA-2011:037", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:037" - }, - { - "name" : "MDVSA-2011:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040" - }, - { - "name" : "RHSA-2011:0436", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0436.html" - }, - { - "name" : "RHSA-2011:0779", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0779.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "USN-1084-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1084-1" - }, - { - "name" : "46446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46446" - }, - { - "name" : "70948", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/70948" - }, - { - "name" : "43361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43361" - }, - { - "name" : "43465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43465" - }, - { - "name" : "43605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43605" - }, - { - "name" : "43673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43673" - }, - { - "name" : "44131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44131" - }, - { - "name" : "ADV-2011-0448", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0448" - }, - { - "name" : "ADV-2011-0499", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0499" - }, - { - "name" : "ADV-2011-0511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0511" - }, - { - "name" : "ADV-2011-0565", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0565" - }, - { - "name" : "ADV-2011-0601", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0601" - }, - { - "name" : "ADV-2011-0670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0670" - }, - { - "name" : "ADV-2011-0969", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0969" - }, - { - "name" : "avahi-udp-dos(65524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65524" - }, - { - "name" : "avahi-udp-packet-dos(65525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via 
an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0779", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0779.html" + }, + { + "name": "avahi-udp-packet-dos(65525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65525" + }, + { + "name": "[oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/22/9" + }, + { + "name": "RHSA-2011:0436", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0436.html" + }, + { + "name": "ADV-2011-0511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0511" + }, + { + "name": "[oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/18/1" + }, + { + "name": "43605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43605" + }, + { + "name": "43465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43465" + }, + { + "name": "43673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43673" + }, + { + "name": "ADV-2011-0601", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0601" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667187", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667187" + }, + { + "name": "ADV-2011-0969", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0969" + }, + { + "name": 
"avahi-udp-dos(65524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65524" + }, + { + "name": "44131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44131" + }, + { + "name": "MDVSA-2011:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040" + }, + { + "name": "46446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46446" + }, + { + "name": "MDVSA-2011:037", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:037" + }, + { + "name": "ADV-2011-0448", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0448" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "DSA-2174", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2174" + }, + { + "name": "ADV-2011-0499", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0499" + }, + { + "name": "70948", + "refsource": "OSVDB", + "url": "http://osvdb.org/70948" + }, + { + "name": "43361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43361" + }, + { + "name": "ADV-2011-0670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0670" + }, + { + "name": "http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/" + }, + { + "name": "http://avahi.org/ticket/325", + "refsource": "CONFIRM", + "url": "http://avahi.org/ticket/325" + }, + { + "name": "FEDORA-2011-3033", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html" + }, + { + "name": "ADV-2011-0565", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2011/0565" + }, + { + "name": "http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6", + "refsource": "CONFIRM", + "url": "http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6" + }, + { + "name": "USN-1084-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1084-1" + }, + { + "name": "[oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/18/4" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1659.json b/2011/1xxx/CVE-2011-1659.json index 14bda219892..95b9fa7a079 100644 --- a/2011/1xxx/CVE-2011-1659.json +++ b/2011/1xxx/CVE-2011-1659.json 
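Review bot: `ASSIGNER` changes from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com"` at the top of this hunk, and the commit subject gives no indication that any record's metadata changed. In the hunks visible here it appears to be the only field value that differs between the old and new side; the 31 references are the same set, and the rest is spacing, indentation and ordering. Tooling that attributes records to a CNA or alerts on metadata changes should treat this as a real update rather than formatting noise. A separate commit, or a subject line naming the reassignment, would make the change auditable.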
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=48733", - "refsource" : "MISC", - "url" : "http://code.google.com/p/chromium/issues/detail?id=48733" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html" - 
}, - { - "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=12583", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=12583" - }, - { - "name" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681054", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681054" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "MDVSA-2011:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" - }, - { - "name" : "MDVSA-2011:179", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179" - }, - { - "name" : "1025450", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025450" - }, - { - "name" : "44353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44353" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "gnuclibrary-fnmatch-dos(66819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681054", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "44353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44353" + }, + { + "name": "1025450", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025450" + }, + { + "name": "gnuclibrary-fnmatch-dos(66819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66819" + }, + { + "name": "MDVSA-2011:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=48733", + "refsource": "MISC", + "url": "http://code.google.com/p/chromium/issues/detail?id=48733" + }, + { + "name": "MDVSA-2011:179", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179" + }, + { + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=12583", + "refsource": "CONFIRM", + "url": 
"http://sourceware.org/bugzilla/show_bug.cgi?id=12583" + }, + { + "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485", + "refsource": "CONFIRM", + "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5163.json b/2011/5xxx/CVE-2011-5163.json index 2a0ea67ee9e..5e2481def96 100644 --- a/2011/5xxx/CVE-2011-5163.json +++ b/2011/5xxx/CVE-2011-5163.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf" - }, - { - "name" : "http://www.citect.com/citectscada-batch", - "refsource" : "CONFIRM", - "url" : "http://www.citect.com/citectscada-batch" - }, - { - "name" : "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4,SCADA", - "refsource" : "CONFIRM", - "url" : "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4,SCADA" - }, - { - "name" : "76937", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/76937" - }, - { - 
"name" : "1026306", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026306" - }, - { - "name" : "46779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46779" - }, - { - "name" : "46786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.citect.com/citectscada-batch", + "refsource": "CONFIRM", + "url": "http://www.citect.com/citectscada-batch" + }, + { + "name": "76937", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/76937" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf" + }, + { + "name": "46779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46779" + }, + { + "name": "1026306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026306" + }, + { + "name": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4,SCADA", + "refsource": "CONFIRM", + "url": "https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4,SCADA" + }, + { + "name": "46786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46786" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/3xxx/CVE-2014-3347.json b/2014/3xxx/CVE-2014-3347.json index 2416c6cf4e1..7ace57c4dd2 100644 --- a/2014/3xxx/CVE-2014-3347.json +++ b/2014/3xxx/CVE-2014-3347.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35453", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35453" - }, - { - "name" : "20140827 Cisco 1800 Series ISR ISDN Basic Rate Interface Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347" - }, - { - "name" : "69439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69439" - }, - { - "name" : "1030772", - "refsource" : "SECTRACK", 
- "url" : "http://www.securitytracker.com/id/1030772" - }, - { - "name" : "cisco-isr-cve20143347-dos(95558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-isr-cve20143347-dos(95558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95558" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35453", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35453" + }, + { + "name": "1030772", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030772" + }, + { + "name": "20140827 Cisco 1800 Series ISR ISDN Basic Rate Interface Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347" + }, + { + "name": "69439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69439" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3403.json b/2014/3xxx/CVE-2014-3403.json index ee498fb392d..6536674f64c 100644 --- a/2014/3xxx/CVE-2014-3403.json +++ b/2014/3xxx/CVE-2014-3403.json 
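Review bot: `ASSIGNER` for CVE-2014-3347 changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, and the change sits inside a full-file reformat whose commit subject is only "-Synchronized-Data.". This is presumably a correction of the assigning CNA, but anything downstream that attributes or routes records by assigner sees a new value with no explanation in the commit record. I would land assigner corrections separately from whitespace and ordering changes, or at least list the affected IDs in the commit message. CVE-2014-3403 (`psirt@cisco.com`) and CVE-2014-7454 (`cert@cert.org`) change the same way.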
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141009 Autonomic Networking Infrastructure Certificate Validation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141009 Autonomic Networking Infrastructure Certificate Validation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3716.json b/2014/3xxx/CVE-2014-3716.json index 052439cd8b8..fc060d02e6a 100644 --- a/2014/3xxx/CVE-2014-3716.json +++ b/2014/3xxx/CVE-2014-3716.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140514 Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/14/4" - }, - { - "name" : "[oss-security] 20140515 Re: Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/15/6" - }, - { - "name" : "[oss-security] 20140516 Xen Security Advisory 95 (CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717) - input handling vulnerabilities loading guest kernel on ARM", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/16/1" - }, - { - "name" : 
"http://xenbits.xen.org/xsa/advisory-95.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-95.html" - }, - { - "name" : "1030252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/advisory-95.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-95.html" + }, + { + "name": "1030252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030252" + }, + { + "name": "[oss-security] 20140514 Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/14/4" + }, + { + "name": "[oss-security] 20140516 Xen Security Advisory 95 (CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717) - input handling vulnerabilities loading guest kernel on ARM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/16/1" + }, + { + "name": "[oss-security] 20140515 Re: Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3727.json b/2014/3xxx/CVE-2014-3727.json index 893a89218c8..967677504a3 100644 --- a/2014/3xxx/CVE-2014-3727.json +++ b/2014/3xxx/CVE-2014-3727.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3727", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3727", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7454.json b/2014/7xxx/CVE-2014-7454.json index 564e8d4403e..f6f939a8856 100644 --- a/2014/7xxx/CVE-2014-7454.json +++ b/2014/7xxx/CVE-2014-7454.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#709217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/709217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Detox Juicing Diet Recipes 
(aka com.wDetoxJuicingDietRecipes) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#709217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/709217" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8057.json b/2014/8xxx/CVE-2014-8057.json index 441142ea67d..199552e13a3 100644 --- a/2014/8xxx/CVE-2014-8057.json +++ b/2014/8xxx/CVE-2014-8057.json 
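Review bot: The three `reference_data` entries of CVE-2014-7454 are reordered with no change to any `name`, `refsource` or `url`, and the new side ends without a trailing newline (the `\ No newline at end of file` marker follows only the last `+` line). Both add churn to every sync diff and make real edits to advisory data, such as the `ASSIGNER` change in this same hunk, harder to spot when auditing history. I would emit references in one stable order (for example sorted by `url`) and keep the terminating newline. The same pattern is visible in the CVE-2011-5163, CVE-2014-3347, CVE-2014-3716 and CVE-2014-8577 hunks.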
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8057", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8057", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8200.json b/2014/8xxx/CVE-2014-8200.json index cdf525c2fd3..892ee111d3e 100644 --- a/2014/8xxx/CVE-2014-8200.json +++ b/2014/8xxx/CVE-2014-8200.json 
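Review bot: The rewritten CVE-2014-8057 record puts `data_type`, `data_format`, `data_version` ahead of `CVE_data_meta` and `ID` ahead of `ASSIGNER`, while the other records rewritten in this commit (CVE-2014-3727, for one) keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two layouts in one sync suggest records are being produced by more than one serializer path, and it defeats byte-level comparison or hashing of records across syncs. I would serialize every record with one fixed key order. CVE-2014-8200 has the same layout.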
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8200", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8200", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8422.json b/2014/8xxx/CVE-2014-8422.json index 20a1296d401..83a8d845352 100644 --- a/2014/8xxx/CVE-2014-8422.json +++ b/2014/8xxx/CVE-2014-8422.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", - "refsource" : "MISC", - "url" : "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" - }, - { - "name" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", - "refsource" : "CONFIRM", - "url" : "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP 
V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", + "refsource": "CONFIRM", + "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" + }, + { + "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", + "refsource": "MISC", + "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8487.json b/2014/8xxx/CVE-2014-8487.json index debd2dd48f5..e48de8ec906 100644 --- a/2014/8xxx/CVE-2014-8487.json +++ b/2014/8xxx/CVE-2014-8487.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150222 CVE-2014-8487: Kony EMM insecurity Direct Object Reference", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534739/100/0/threaded" - }, - { - "name" : "72714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to 
selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150222 CVE-2014-8487: Kony EMM insecurity Direct Object Reference", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534739/100/0/threaded" + }, + { + "name": "72714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72714" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8577.json b/2014/8xxx/CVE-2014-8577.json index 620a2520ac8..2723fa88582 100644 --- a/2014/8xxx/CVE-2014-8577.json +++ b/2014/8xxx/CVE-2014-8577.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34959", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34959" - }, - { - "name" : "http://packetstormsecurity.com/files/128639/Croogo-2.0.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128639/Croogo-2.0.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2014-5201.php", - "refsource" : "MISC", - "url" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2014-5201.php" - }, - { - "name" : "http://blog.croogo.org/blog/croogo-210-released", - "refsource" : "CONFIRM", - "url" : "http://blog.croogo.org/blog/croogo-210-released" - }, - { - "name" : "113109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/113109" - }, - { - "name" : "113110", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/113110" - }, - { - "name" : "113111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/113111" - }, - { - "name" : "113113", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/113113" - }, - { - "name" : "croogo-multiple-post-xss(96991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject 
arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "113110", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/113110" + }, + { + "name": "croogo-multiple-post-xss(96991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96991" + }, + { + "name": "34959", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34959" + }, + { + "name": "113113", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/113113" + }, + { + "name": "http://zeroscience.mk/en/vulnerabilities/ZSL-2014-5201.php", + "refsource": "MISC", + "url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2014-5201.php" + }, + { + "name": "http://packetstormsecurity.com/files/128639/Croogo-2.0.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128639/Croogo-2.0.0-Cross-Site-Scripting.html" + }, + { + "name": "http://blog.croogo.org/blog/croogo-210-released", + "refsource": "CONFIRM", + "url": "http://blog.croogo.org/blog/croogo-210-released" + }, + { + "name": "113109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/113109" + }, + { + "name": "113111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/113111" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9405.json b/2014/9xxx/CVE-2014-9405.json index 6ce38d3735d..13395485e6a 100644 --- a/2014/9xxx/CVE-2014-9405.json +++ b/2014/9xxx/CVE-2014-9405.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9405", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9405", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9461.json b/2014/9xxx/CVE-2014-9461.json index 7a0db1d25cd..e09978298c8 100644 --- a/2014/9xxx/CVE-2014-9461.json +++ b/2014/9xxx/CVE-2014-9461.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://research.g0blin.co.uk/g0blin-00021/", - "refsource" : "MISC", - "url" : "https://research.g0blin.co.uk/g0blin-00021/" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite" - }, - { - "name" : "https://wordpress.org/plugins/cart66-lite/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/cart66-lite/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal 
vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/cart66-lite/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/cart66-lite/changelog/" + }, + { + "name": "https://research.g0blin.co.uk/g0blin-00021/", + "refsource": "MISC", + "url": "https://research.g0blin.co.uk/g0blin-00021/" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1052064/cart66-lite" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9711.json b/2014/9xxx/CVE-2014-9711.json index 354bc32a761..a104449a512 100644 --- a/2014/9xxx/CVE-2014-9711.json +++ b/2014/9xxx/CVE-2014-9711.json 
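Review bot: The `reference_data` array on the new side of CVE-2014-9461.json holds the same three entries as before in a different order (the `changelog` CONFIRM link moves from last to first), and the new order follows neither `refsource` nor `name`, so it looks like serializer iteration order rather than an intended change. Array order is significant in JSON, so a consumer that treats the first reference as the primary advisory link now resolves a different URL, and every later sync can reshuffle it again. I would have the sync tool emit references in a stable order, for example sorted by `refsource` then `url`, and keep order-only changes out of the data diff. The same order-only shuffle appears in the CVE-2014-9711, CVE-2014-9905, CVE-2016-7014 and CVE-2016-7867 hunks.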
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534915/100/0/threaded" - }, - { - "name" : "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534917/100/0/threaded" - }, - { - "name" : "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/110" - }, - { - "name" : "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/109" - }, - { - "name" : "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html", - "refsource" : "MISC", - "url" : "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html" - }, - { - "name" : "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html", - "refsource" : 
"MISC", - "url" : "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html" - }, - { - "name" : "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" - }, - { - "name" : "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions" - }, - { - "name" : "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html", + "refsource": "MISC", + "url": "https://www.securify.nl/advisory/SFY20140911/cross_site_scripting_vulnerability_in_websense_explorer_report_scheduler.html" + }, + { + "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" + }, + { + "name": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html", + "refsource": "MISC", + "url": "https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html" + }, + { + "name": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/v7-8-3-About-Hotfix-02-for-Web-Security-Solutions" + }, + { + "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/109" + }, + { + "name": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130905/Websense-Reporting-Cross-Site-Scripting.html" + }, + { + "name": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130903/Websense-Explorer-Report-Scheduler-Cross-Site-Scripting.html" + }, + { + "name": 
"20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/110" + }, + { + "name": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-01-for-Web-Security-Solutions" + }, + { + "name": "20150318 Cross-Site Scripting vulnerability in Websense Explorer report scheduler", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534917/100/0/threaded" + }, + { + "name": "20150318 Multiple Cross-Site Scripting vulnerabilities in Websense Reporting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534915/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9905.json b/2014/9xxx/CVE-2014-9905.json index 86daf39630a..4c9f8e919be 100644 --- a/2014/9xxx/CVE-2014-9905.json +++ b/2014/9xxx/CVE-2014-9905.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160709 Re: CVE request: several SOGo issues (DOS, XSS, information leakage)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/09/3" - }, - { - "name" : "https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9", - "refsource" : "CONFIRM", - "url" : "https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9" - }, - { - "name" : "https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501", - "refsource" : "CONFIRM", - "url" : "https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501" - }, - { - "name" : 
"https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765", - "refsource" : "CONFIRM", - "url" : "https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765" - }, - { - "name" : "https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625", - "refsource" : "CONFIRM", - "url" : "https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625" - }, - { - "name" : "https://sogo.nu/bugs/view.php?id=2598", - "refsource" : "CONFIRM", - "url" : "https://sogo.nu/bugs/view.php?id=2598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765", + "refsource": "CONFIRM", + "url": "https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765" + }, + { + "name": "[oss-security] 20160709 Re: CVE request: several SOGo issues (DOS, XSS, information leakage)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/09/3" + }, + { + "name": "https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501", + "refsource": "CONFIRM", + "url": "https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501" + }, + { + "name": "https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625", + "refsource": "CONFIRM", + "url": 
"https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625" + }, + { + "name": "https://sogo.nu/bugs/view.php?id=2598", + "refsource": "CONFIRM", + "url": "https://sogo.nu/bugs/view.php?id=2598" + }, + { + "name": "https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9", + "refsource": "CONFIRM", + "url": "https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2295.json b/2016/2xxx/CVE-2016-2295.json index 18d442384fc..7ba09998b0b 100644 --- a/2016/2xxx/CVE-2016-2295.json +++ b/2016/2xxx/CVE-2016-2295.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160503 Moxa MiiNePort - Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/May/7" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moxa MiiNePort_E1_4641 devices 
with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160503 Moxa MiiNePort - Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/May/7" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2445.json b/2016/2xxx/CVE-2016-2445.json index e32bf8ea3ad..bfac55cea98 100644 --- a/2016/2xxx/CVE-2016-2445.json +++ b/2016/2xxx/CVE-2016-2445.json 
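Review bot: The `affects` block on the new side of CVE-2016-2295.json still carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, so the affected Moxa MiiNePort firmware builds exist only as prose in `description` and tooling that matches an asset inventory against `affects` will never flag this record. Since the hunk already corrects `ASSIGNER` to `ics-cert@hq.dhs.gov`, the same sync could carry structured values, e.g. `"vendor_name": "Moxa"` and `"product_name": "MiiNePort"` with one `version_value` per listed firmware build (values taken from the description text, to be confirmed by the CNA). The CVE-2016-2445 and CVE-2016-7014 hunks change `ASSIGNER` the same way and also leave `affects` at `"n/a"`.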
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6200.json b/2016/6xxx/CVE-2016-6200.json index f0efec339e0..f05955968bb 100644 --- a/2016/6xxx/CVE-2016-6200.json +++ b/2016/6xxx/CVE-2016-6200.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6200", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6200", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6665.json b/2016/6xxx/CVE-2016-6665.json index 66eb2dff5eb..04f9c75ef1c 100644 --- a/2016/6xxx/CVE-2016-6665.json +++ b/2016/6xxx/CVE-2016-6665.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7014.json b/2016/7xxx/CVE-2016-7014.json index e2d7e1e2f13..0fb925c5f78 100644 --- a/2016/7xxx/CVE-2016-7014.json +++ b/2016/7xxx/CVE-2016-7014.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" - }, - { - "name" : "93496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93496" - }, - { - "name" : "1036986", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, 
CVE-2016-7012, CVE-2016-7013, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036986", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036986" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" + }, + { + "name": "93496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93496" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7326.json b/2016/7xxx/CVE-2016-7326.json index c281c7845d7..e61b4ac6830 100644 --- a/2016/7xxx/CVE-2016-7326.json +++ b/2016/7xxx/CVE-2016-7326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7326", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7326", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7867.json b/2016/7xxx/CVE-2016-7867.json index 54d49482b94..ea6707d9596 100644 
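Review bot: The new side of CVE-2016-7326.json puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the other records in this commit keep their keys in alphabetical order. Key order carries no meaning in JSON, but two layouts coming out of one sync make later diffs noisy and break any byte-level comparison or hashing of records. I would serialize every record with sorted keys, so the object opens with `"CVE_data_meta": {` and `"ASSIGNER"` precedes `"ID"`. CVE-2016-7897.json has the same reordered layout.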
--- a/2016/7xxx/CVE-2016-7867.json +++ b/2016/7xxx/CVE-2016-7867.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow / Underflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-622", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-622" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : 
"GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94871" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow / Underflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "94871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94871" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-622", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-622" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7897.json b/2016/7xxx/CVE-2016-7897.json index 5c885412748..d560f10f22e 100644 --- a/2016/7xxx/CVE-2016-7897.json +++ b/2016/7xxx/CVE-2016-7897.json 
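Review bot: `product_name` and `version_value` on the new side of CVE-2016-7867.json both hold the same free-text string, `Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier`, and `vendor_name` stays `"n/a"`, so none of the three fields can be compared against an asset inventory without parsing prose. Splitting them, e.g. `"vendor_name": "Adobe"`, `"product_name": "Flash Player"` and one `version_value` per branch such as `"23.0.0.207 and earlier"`, would let scanners match on the structured fields. Until that is done, consumers should treat `affects` in this record as descriptive text and take the version bounds from `description`.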
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7897", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7897", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5098.json b/2017/5xxx/CVE-2017-5098.json index df07c491546..1296bedca56 100644 --- a/2017/5xxx/CVE-2017-5098.json +++ b/2017/5xxx/CVE-2017-5098.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/740803", - "refsource" : "MISC", - "url" : "https://crbug.com/740803" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - 
"name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + }, + { + "name": "https://crbug.com/740803", + "refsource": "MISC", + "url": "https://crbug.com/740803" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5810.json b/2017/5xxx/CVE-2017-5810.json index 1af60571c23..687d0e81fd2 100644 --- a/2017/5xxx/CVE-2017-5810.json +++ b/2017/5xxx/CVE-2017-5810.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-05-04T00:00:00", - "ID" : "CVE-2017-5810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Automation", - "version" : { - "version_data" : [ - { - "version_value" : "9.1x, 9.2x, 10.0x, 10.1x and 10.2x" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote sql injection" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-05-04T00:00:00", + "ID": "CVE-2017-5810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Automation", + "version": { + "version_data": [ + { + "version_value": "9.1x, 9.2x, 10.0x, 10.1x and 10.2x" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us" - }, - { - "name" : "98331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98331" - }, - { - "name" : "1038407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote sql injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us" + }, + { + "name": "98331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98331" + }, + { + "name": "1038407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038407" + } + ] + } +} \ No newline at end of file