diff --git a/2006/0xxx/CVE-2006-0287.json b/2006/0xxx/CVE-2006-0287.json index 2464e235075..260912383e8 100644 --- a/2006/0xxx/CVE-2006-0287.json +++ b/2006/0xxx/CVE-2006-0287.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0495.json b/2006/0xxx/CVE-2006-0495.json index b83ab744277..134a9e61a35 100644 --- a/2006/0xxx/CVE-2006-0495.json +++ b/2006/0xxx/CVE-2006-0495.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060129 MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423443/100/0/threaded" - }, - { - "name" : "16419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16419" - }, - { - "name" : "mybb-usercp2-xss(24392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybb-usercp2-xss(24392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392" + }, + { + "name": "16419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16419" + }, + { + "name": "20060129 MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423443/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1093.json b/2006/1xxx/CVE-2006-1093.json index 0293af0cd08..2269f75df98 100644 --- a/2006/1xxx/CVE-2006-1093.json +++ b/2006/1xxx/CVE-2006-1093.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21231377", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21231377" - }, - { - "name" : "16908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16908" - }, - { - "name" : "ADV-2006-0788", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0788" - }, - { - "name" : "1015716", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015716", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015716" + }, + { + "name": "16908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16908" + }, + { + "name": "ADV-2006-0788", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0788" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21231377", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21231377" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1432.json b/2006/1xxx/CVE-2006-1432.json index ac0808d2e3d..d849fa9a2c3 100644 --- a/2006/1xxx/CVE-2006-1432.json +++ b/2006/1xxx/CVE-2006-1432.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html" - }, - { - "name" : "couponzone-local-path-disclosure(25486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "couponzone-local-path-disclosure(25486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25486" + }, + { + "name": "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1910.json b/2006/1xxx/CVE-2006-1910.json index 8eb046cc34f..cca4a103c01 100644 --- a/2006/1xxx/CVE-2006-1910.json +++ b/2006/1xxx/CVE-2006-1910.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040614 Serendipity Blog vuln", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html" - }, - { - "name" : "17566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17566" + }, + { + "name": "20040614 Serendipity Blog vuln", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5059.json b/2006/5xxx/CVE-2006-5059.json index 19e9c23617c..733c024ea1d 100644 --- a/2006/5xxx/CVE-2006-5059.json +++ b/2006/5xxx/CVE-2006-5059.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060924 wwwthreads <= 5.4.2 croos site script vulnerbilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446911/100/0/threaded" - }, - { - "name" : "20178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20178" - }, - { - "name" : "ADV-2006-3858", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3858" - }, - { - "name" : "22211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22211" - }, - { - "name" : "1645", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1645", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1645" + }, + { + "name": "ADV-2006-3858", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3858" + }, + { + "name": "20060924 wwwthreads <= 5.4.2 croos site script vulnerbilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446911/100/0/threaded" + }, + { + "name": "22211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22211" + }, + { + "name": "20178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20178" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5265.json b/2006/5xxx/CVE-2006-5265.json index 724036841d5..81f9706d121 100644 --- a/2006/5xxx/CVE-2006-5265.json +++ b/2006/5xxx/CVE-2006-5265.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29991" - }, - { - "name" : "accountingsoftware-magic-number-dos(25844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29991" + }, + { + "name": "accountingsoftware-magic-number-dos(25844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25844" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5381.json b/2006/5xxx/CVE-2006-5381.json index 9f36daf1267..d182af7a400 100644 --- a/2006/5xxx/CVE-2006-5381.json +++ b/2006/5xxx/CVE-2006-5381.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061013 CMS contenido Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448563/100/0/threaded" - }, - { - "name" : "1738", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061013 CMS contenido Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448563/100/0/threaded" + }, + { + "name": "1738", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1738" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5461.json b/2006/5xxx/CVE-2006-5461.json index 174cad4b640..7fbfcaf8e4e 100644 --- a/2006/5xxx/CVE-2006-5461.json +++ b/2006/5xxx/CVE-2006-5461.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-5461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages", - "refsource" : "MLIST", - "url" : "https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html" - }, - { - "name" : "http://avahi.org/milestone/Avahi%200.6.15", - "refsource" : "CONFIRM", - "url" : "http://avahi.org/milestone/Avahi%200.6.15" - }, - { - "name" : "GLSA-200611-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml" - }, - { - "name" : "MDKSA-2006:215", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:215" - }, - { - "name" : "SUSE-SR:2006:026", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html" - }, - { - "name" : "USN-380-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/380-1/" - }, - { - "name" : "21016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21016" - }, - { - "name" : "ADV-2006-4474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4474" - }, - { - "name" : "1017257", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017257" - }, - { - "name" : "22807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22807" - }, - { - "name" : "22852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22852" - }, - { - "name" : "23020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23020" - }, - { - "name" : "23042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23042" - }, - { - "name" : "22932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22932" - }, - { - "name" : "avahi-netlink-security-bypass(30207)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22932" + }, + { + "name": "23042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23042" + }, + { + "name": "SUSE-SR:2006:026", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" + }, + { + "name": "22852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22852" + }, + { + "name": "USN-380-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/380-1/" + }, + { + "name": "ADV-2006-4474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4474" + }, + { + "name": "23020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23020" + }, + { + "name": "22807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22807" + }, + { + "name": "http://avahi.org/milestone/Avahi%200.6.15", + "refsource": "CONFIRM", + "url": "http://avahi.org/milestone/Avahi%200.6.15" + }, + { + "name": "1017257", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017257" + }, + { + "name": "[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages", + "refsource": "MLIST", + "url": "https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html" + }, + { + "name": "MDKSA-2006:215", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:215" + }, + { + "name": "avahi-netlink-security-bypass(30207)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30207" + }, + { + "name": "GLSA-200611-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml" + }, + { + "name": "21016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21016" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5497.json b/2006/5xxx/CVE-2006-5497.json index 5fe15337ae1..3b2291b5d5f 100644 --- a/2006/5xxx/CVE-2006-5497.json +++ b/2006/5xxx/CVE-2006-5497.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2600", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2600" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=625467", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=625467" - }, - { - "name" : "20640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20640" - }, - { - "name" : "ADV-2006-4122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4122" - }, - { - "name" : "29904", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29904" - }, - { - "name" : "22491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22491" - }, - { - "name" : "seguecms-themesettings-file-include(29692)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4122" + }, + { + "name": "20640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20640" + }, + { + "name": "2600", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2600" + }, + { + "name": "seguecms-themesettings-file-include(29692)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29692" + }, + { + "name": "22491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22491" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=625467", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=625467" + }, + { + "name": "29904", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29904" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5900.json b/2006/5xxx/CVE-2006-5900.json index f1bed546c62..c3c535b841b 100644 --- a/2006/5xxx/CVE-2006-5900.json +++ b/2006/5xxx/CVE-2006-5900.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061103 XSS Vulnerability in Zend Framework Preview 0.2.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450707/100/0/threaded" - }, - { - "name" : "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009", - "refsource" : "MISC", - "url" : "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009" - }, - { - "name" : "1863", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1863", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1863" + }, + { + "name": "20061103 XSS Vulnerability in Zend Framework Preview 0.2.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450707/100/0/threaded" + }, + { + "name": "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009", + "refsource": "MISC", + "url": "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2371.json b/2007/2xxx/CVE-2007-2371.json index b65dca7933d..d9ea1b1cc52 100644 --- a/2007/2xxx/CVE-2007-2371.json +++ b/2007/2xxx/CVE-2007-2371.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3671", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3671" - }, - { - "name" : "23342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23342" + }, + { + "name": "3671", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3671" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0398.json b/2010/0xxx/CVE-2010-0398.json index 72e98008a43..d6e54a49ff2 100644 --- a/2010/0xxx/CVE-2010-0398.json +++ b/2010/0xxx/CVE-2010-0398.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0398", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0398", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0404.json b/2010/0xxx/CVE-2010-0404.json index e113f8a4a72..3d926e6449c 100644 --- a/2010/0xxx/CVE-2010-0404.json +++ b/2010/0xxx/CVE-2010-0404.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511299/100/0/threaded" - }, - { - "name" : "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html" - }, - { - "name" : "http://download.phpgroupware.org/", - "refsource" : "CONFIRM", - "url" : "http://download.phpgroupware.org/" - }, - { - "name" : "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0", - "refsource" : "CONFIRM", - "url" : "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0" - }, - { - "name" : "DSA-2046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2046" - }, - { - "name" : "39665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39665" - }, - { - "name" : "39731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39731" - }, - { - "name" : "ADV-2010-1145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1145" - }, - { - "name" : "ADV-2010-1146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1146" + }, + { + "name": "ADV-2010-1145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1145" + }, + { + "name": "http://download.phpgroupware.org/", + "refsource": "CONFIRM", + "url": "http://download.phpgroupware.org/" + }, + { + "name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html" + }, + { + "name": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0", + "refsource": "CONFIRM", + "url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0" + }, + { + "name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded" + }, + { + "name": "39731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39731" + }, + { + "name": "DSA-2046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2046" + }, + { + "name": "39665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39665" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0580.json b/2010/0xxx/CVE-2010-0580.json index a80a5faaa4c..aa43c5d425d 100644 --- a/2010/0xxx/CVE-2010-0580.json +++ b/2010/0xxx/CVE-2010-0580.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the \"SIP Message Processing Arbitrary Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064" - }, - { - "name" : "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml" - }, - { - "name" : "1023744", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023744" - }, - { - "name" : "39068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the \"SIP Message Processing Arbitrary Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023744", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023744" + }, + { + "name": "39068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39068" + }, + { + "name": "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0743.json b/2010/0xxx/CVE-2010-0743.json index 50858b8a0e9..85457064cec 100644 --- a/2010/0xxx/CVE-2010-0743.json +++ b/2010/0xxx/CVE-2010-0743.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100331 iscsitarget/scsi-target-tuils format string CVE assignment", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127005132403189&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=576359", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=576359" - }, - { - "name" : "DSA-2042", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2042" - }, - { - "name" : "MDVSA-2010:131", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "39127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39127" - }, - { - "name" : "oval:org.mitre.oval:def:11248", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11248" - }, - { - "name" : "39142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39142" - }, - { - "name" : "39726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39726" - }, - { - "name" : "ADV-2010-1786", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1786" - }, - { - "name" : "lstf-isns-format-string(57496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lstf-isns-format-string(57496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57496" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=576359", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576359" + }, + { + "name": "MDVSA-2010:131", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935" + }, + { + "name": "oval:org.mitre.oval:def:11248", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11248" + }, + { + "name": "39142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39142" + }, + { + "name": "[oss-security] 20100331 iscsitarget/scsi-target-tuils format string CVE assignment", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127005132403189&w=2" + }, + { + "name": "39127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39127" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59" + }, + { + "name": "DSA-2042", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2042" + }, + { + "name": "ADV-2010-1786", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1786" + }, + { + "name": "39726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39726" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1197.json b/2010/1xxx/CVE-2010-1197.json index 6a285e5b4fb..9b919f3ef01 100644 --- a/2010/1xxx/CVE-2010-1197.json +++ b/2010/1xxx/CVE-2010-1197.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537120", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537120" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100091069", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100091069" - }, - { - "name" : "FEDORA-2010-10344", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html" - }, - { - "name" : "FEDORA-2010-10361", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html" - }, - { - "name" : "MDVSA-2010:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125" - }, - { - "name" : "RHSA-2010:0499", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0499.html" - }, - { - "name" : "RHSA-2010:0500", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0500.html" - }, - { - "name" : "RHSA-2010:0501", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0501.html" - }, - { - "name" : "SUSE-SA:2010:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" - }, - { - "name" : "USN-930-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-930-1" - }, - { - "name" : "USN-930-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-930-2" - }, - { - "name" : "41050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41050" - }, - { - "name" : "41103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41103" - }, - { - "name" : "oval:org.mitre.oval:def:10168", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168" - }, - { - "name" : "oval:org.mitre.oval:def:14186", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186" - }, - { - "name" : "1024138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024138" - }, - { - "name" : "40326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40326" - }, - { - "name" : "40401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40401" - }, - { - "name" : "40481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40481" - }, - { - "name" : "ADV-2010-1551", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1551" - }, - { - "name" : "ADV-2010-1556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1556" - }, - { - "name" : "ADV-2010-1557", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1557" - }, - { - "name" : "ADV-2010-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1640" - }, - { - "name" : "ADV-2010-1773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1773" - }, - { - "name" : "ADV-2010-1592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1592" - }, - { - "name" : "firefox-contentdisposition-security-bypass(59667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40481" + }, + { + "name": "USN-930-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-930-1" + }, + { + "name": "oval:org.mitre.oval:def:14186", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186" + }, + { + "name": "FEDORA-2010-10361", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html" + }, + { + "name": "1024138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024138" + }, + { + "name": "ADV-2010-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1640" + }, + { + "name": "oval:org.mitre.oval:def:10168", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168" + }, + { + "name": "41050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41050" + }, + { + "name": "RHSA-2010:0501", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0501.html" + }, + { + "name": "ADV-2010-1557", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1557" + }, + { + "name": "MDVSA-2010:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125" + }, + { + "name": "ADV-2010-1773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1773" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=537120", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=537120" + }, + { + "name": "RHSA-2010:0499", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0499.html" + }, + { + "name": "ADV-2010-1556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1556" + }, + { + "name": "ADV-2010-1592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1592" + }, + { + "name": "USN-930-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-930-2" + }, + { + "name": "41103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41103" + }, + { + "name": "ADV-2010-1551", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1551" + }, + { + "name": "RHSA-2010:0500", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0500.html" + }, + { + "name": "SUSE-SA:2010:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html" + }, + { + "name": "40401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40401" + }, + { + "name": "FEDORA-2010-10344", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html" + }, + { + "name": "firefox-contentdisposition-security-bypass(59667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59667" + }, + { + "name": "40326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40326" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100091069", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100091069" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3045.json b/2010/3xxx/CVE-2010-3045.json index 7f12d6c0094..b8b06945ae0 100644 --- a/2010/3xxx/CVE-2010-3045.json +++ b/2010/3xxx/CVE-2010-3045.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3045", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3045", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3058.json b/2010/3xxx/CVE-2010-3058.json index 615d9579ab1..5b74762aa7c 100644 --- a/2010/3xxx/CVE-2010-3058.json +++ b/2010/3xxx/CVE-2010-3058.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820" - }, - { - "name" : "IC69883", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" - }, - { - "name" : "42549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42549" - }, - { - "name" : "41044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820" + }, + { + "name": "41044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41044" + }, + { + "name": "IC69883", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" + }, + { + "name": "42549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42549" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3138.json b/2010/3xxx/CVE-2010-3138.json index e10366f88a5..f0908d9583e 100644 --- a/2010/3xxx/CVE-2010-3138.json +++ b/2010/3xxx/CVE-2010-3138.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka \"Indeo Codec Insecure Library Loading Vulnerability.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14765", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14765" - }, - { - "name" : "14788", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14788" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php" - }, - { - "name" : "MS12-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014" - }, - { - "name" : "TA12-045A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" - }, - { - "name" : "67588", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/67588" - }, - { - "name" : "oval:org.mitre.oval:def:7132", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132" - }, - { - "name" : "41114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41114" - }, - { - "name" : "ADV-2010-2190", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka \"Indeo Codec Insecure Library Loading Vulnerability.\" NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-045A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php" + }, + { + "name": "14765", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14765" + }, + { + "name": "oval:org.mitre.oval:def:7132", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132" + }, + { + "name": "ADV-2010-2190", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2190" + }, + { + "name": "67588", + "refsource": "OSVDB", + "url": "http://osvdb.org/67588" + }, + { + "name": "14788", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14788" + }, + { + "name": "41114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41114" + }, + { + "name": "MS12-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3372.json b/2010/3xxx/CVE-2010-3372.json index db500fc51a5..4a2504d4fc7 100644 --- a/2010/3xxx/CVE-2010-3372.json +++ b/2010/3xxx/CVE-2010-3372.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html", - "refsource" : "CONFIRM", - "url" : "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html" - }, - { - "name" : "42496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42496" - }, - { - "name" : "arc-ldlibpath-priv-escalation(64434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html", + "refsource": "CONFIRM", + "url": "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html" + }, + { + "name": "42496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42496" + }, + { + "name": "arc-ldlibpath-priv-escalation(64434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64434" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3414.json b/2010/3xxx/CVE-2010-3414.json index ef96efe8448..779b7e74e9d 100644 --- a/2010/3xxx/CVE-2010-3414.json +++ b/2010/3xxx/CVE-2010-3414.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=45400", - "refsource" : "MISC", - "url" : "http://code.google.com/p/chromium/issues/detail?id=45400" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=53361", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=53361" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" - }, - { - "name" : "oval:org.mitre.oval:def:13941", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=45400", + "refsource": "MISC", + "url": "http://code.google.com/p/chromium/issues/detail?id=45400" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=53361", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=53361" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" + }, + { + "name": "oval:org.mitre.oval:def:13941", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13941" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4512.json b/2010/4xxx/CVE-2010-4512.json index 83806f6e101..912f351d8c0 100644 --- a/2010/4xxx/CVE-2010-4512.json +++ b/2010/4xxx/CVE-2010-4512.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=554567", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554567" - }, - { - "name" : "42602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42602" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554567", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567" + }, + { + "name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz", + "refsource": "CONFIRM", + "url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4964.json b/2010/4xxx/CVE-2010-4964.json index 696924feb2f..127ffdba96e 100644 --- a/2010/4xxx/CVE-2010-4964.json +++ b/2010/4xxx/CVE-2010-4964.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a \"semicolon injection\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110910 D-Link DCS-2121 Semicolon Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/10/1" - }, - { - "name" : "[oss-security] 20110914 Re: D-Link DCS-2121 Semicolon Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/14/4" - }, - { - "name" : "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html", - "refsource" : "MISC", - "url" : "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a \"semicolon injection\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110910 D-Link DCS-2121 Semicolon Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/10/1" + }, + { + "name": "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html", + "refsource": "MISC", + "url": "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html" + }, + { + "name": "[oss-security] 20110914 Re: D-Link DCS-2121 Semicolon Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/14/4" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3155.json b/2014/3xxx/CVE-2014-3155.json index 7ee9a174152..ea2bf26240f 100644 --- a/2014/3xxx/CVE-2014-3155.json +++ b/2014/3xxx/CVE-2014-3155.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=369539", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=369539" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision" - }, - { - "name" : "DSA-2959", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2959" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "67980", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67980" - }, - { - "name" : "58585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58585" - }, - { - "name" : "59090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59090" - }, - { - "name" : "60372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60372" - }, - { - "name" : "60061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67980", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67980" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision" + }, + { + "name": "59090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59090" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "60372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60372" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=369539", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=369539" + }, + { + "name": "60061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60061" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision" + }, + { + "name": "58585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58585" + }, + { + "name": "DSA-2959", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2959" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4106.json b/2014/4xxx/CVE-2014-4106.json index 3b97700a149..a22f174666d 100644 --- a/2014/4xxx/CVE-2014-4106.json +++ b/2014/4xxx/CVE-2014-4106.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69614" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69614" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4710.json b/2014/4xxx/CVE-2014-4710.json index dbbaf9a50d0..a393f04ae06 100644 --- a/2014/4xxx/CVE-2014-4710.json +++ b/2014/4xxx/CVE-2014-4710.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34170", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34170" - }, - { - "name" : "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710", - "refsource" : "MISC", - "url" : "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710" - }, - { - "name" : "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710", + "refsource": "MISC", + "url": "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710" + }, + { + "name": "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html" + }, + { + "name": "34170", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34170" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8141.json b/2014/8xxx/CVE-2014-8141.json index 14f3744710d..b382cd1f301 100644 --- a/2014/8xxx/CVE-2014-8141.json +++ b/2014/8xxx/CVE-2014-8141.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8141", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8141", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8256.json b/2014/8xxx/CVE-2014-8256.json index b6b2bb14a66..c9c510f16b3 100644 --- a/2014/8xxx/CVE-2014-8256.json +++ b/2014/8xxx/CVE-2014-8256.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8256", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8256", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8393.json b/2014/8xxx/CVE-2014-8393.json index a2004f629b5..68cbad85bb7 100644 --- a/2014/8xxx/CVE-2014-8393.json +++ b/2014/8xxx/CVE-2014-8393.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150112 Corel Software DLL Hijacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534452/100/0/threaded" - }, - { - "name" : "20150112 Corel Software DLL Hijacking", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/33" - }, - { - "name" : "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html" - }, - { - "name" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking" - }, - { - "name" : "72005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72005" - }, - { - "name" : "1031522", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031522" - }, - { - "name" : "62210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150112 Corel Software DLL Hijacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534452/100/0/threaded" + }, + { + "name": "72005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72005" + }, + { + "name": "62210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62210" + }, + { + "name": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking" + }, + { + "name": "1031522", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031522" + }, + { + "name": "20150112 Corel Software DLL Hijacking", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/33" + }, + { + "name": "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8778.json b/2014/8xxx/CVE-2014-8778.json index 388dd0468cb..45ae1424834 100644 --- a/2014/8xxx/CVE-2014-8778.json +++ b/2014/8xxx/CVE-2014-8778.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150903 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536387/100/0/threaded" - }, - { - "name" : "20150907 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/17" - }, - { - "name" : "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html" + }, + { + "name": "20150903 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536387/100/0/threaded" + }, + { + "name": "20150907 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/17" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9169.json b/2014/9xxx/CVE-2014-9169.json index a99190fe53c..8101f3b2581 100644 --- a/2014/9xxx/CVE-2014-9169.json +++ b/2014/9xxx/CVE-2014-9169.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9169", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-9169", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9356.json b/2014/9xxx/CVE-2014-9356.json index c8f380c390f..bc8285e14b3 100644 --- a/2014/9xxx/CVE-2014-9356.json +++ b/2014/9xxx/CVE-2014-9356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9432.json b/2014/9xxx/CVE-2014-9432.json index 46af1ccb796..debadea7511 100644 --- a/2014/9xxx/CVE-2014-9432.json +++ b/2014/9xxx/CVE-2014-9432.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534315/100/0/threaded" - }, - { - "name" : "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/108" - }, - { - "name" : "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html" - }, - { - "name" : "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html" - }, - { - "name" : "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html" - }, - { - "name" : "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b", - "refsource" : "CONFIRM", - "url" : "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b" - }, - { - "name" : "serendipity-index-xss(99464)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html" + }, + { + "name": "serendipity-index-xss(99464)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464" + }, + { + "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534315/100/0/threaded" + }, + { + "name": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html", + "refsource": "CONFIRM", + "url": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html" + }, + { + "name": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html" + }, + { + "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/108" + }, + { + "name": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b", + "refsource": "CONFIRM", + "url": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9488.json b/2014/9xxx/CVE-2014-9488.json index 040516a2da3..2976beb53c8 100644 --- a/2014/9xxx/CVE-2014-9488.json +++ b/2014/9xxx/CVE-2014-9488.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0139.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0139.html" - }, - { - "name" : "FEDORA-2015-9357", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html" - }, - { - "name" : "MDVSA-2015:199", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199" - }, - { - "name" : "openSUSE-SU-2015:0595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-9357", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html" + }, + { + "name": "openSUSE-SU-2015:0595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html" + }, + { + "name": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0139.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0139.html" + }, + { + "name": "MDVSA-2015:199", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2140.json b/2016/2xxx/CVE-2016-2140.json index 024b1fb7d69..03cbf5d26a1 100644 --- a/2016/2xxx/CVE-2016-2140.json +++ b/2016/2xxx/CVE-2016-2140.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160308 Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/08/6" - }, - { - "name" : "https://bugs.launchpad.net/nova/+bug/1548450", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/nova/+bug/1548450" - }, - { - "name" : "https://security.openstack.org/ossa/OSSA-2016-007.html", - "refsource" : "CONFIRM", - "url" : "https://security.openstack.org/ossa/OSSA-2016-007.html" - }, - { - "name" : "84277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/nova/+bug/1548450", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/nova/+bug/1548450" + }, + { + "name": "https://security.openstack.org/ossa/OSSA-2016-007.html", + "refsource": "CONFIRM", + "url": "https://security.openstack.org/ossa/OSSA-2016-007.html" + }, + { + "name": "84277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84277" + }, + { + "name": "[oss-security] 20160308 Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/08/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2527.json b/2016/2xxx/CVE-2016-2527.json index 6390848c72e..d946f8f5cff 100644 --- a/2016/2xxx/CVE-2016-2527.json +++ b/2016/2xxx/CVE-2016-2527.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-07.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded" - }, - { - "name" : "GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "1035118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "1035118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035118" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-07.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-07.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2761.json b/2016/2xxx/CVE-2016-2761.json index 31efe734ffa..b565b7696c2 100644 --- a/2016/2xxx/CVE-2016-2761.json +++ b/2016/2xxx/CVE-2016-2761.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2761", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2761", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2845.json b/2016/2xxx/CVE-2016-2845.json index f391a1c9f5a..8d27e460cac 100644 --- a/2016/2xxx/CVE-2016-2845.json +++ b/2016/2xxx/CVE-2016-2845.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-2845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html", - "refsource" : "MISC", - "url" : "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" - }, - { - "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=542060", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=542060" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=591402", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=591402" - }, - { - "name" : "https://codereview.chromium.org/1454003003/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1454003003/" - }, - { - "name" : "USN-2920-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2920-1" - }, - { - "name" : "84168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84168" - }, - { - "name" : "1035185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/1454003003/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1454003003/" + }, + { + "name": "1035185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035185" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=591402", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=591402" + }, + { + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=542060", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=542060" + }, + { + "name": "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html", + "refsource": "MISC", + "url": "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html" + }, + { + "name": "84168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84168" + }, + { + "name": "USN-2920-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2920-1" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3108.json b/2016/3xxx/CVE-2016-3108.json index 47a025bea77..d64cac6ec7e 100644 --- a/2016/3xxx/CVE-2016-3108.json +++ b/2016/3xxx/CVE-2016-3108.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/20/1" - }, - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=1146475", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=1146475" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1325934", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1325934" - }, - { - "name" : "https://github.com/pulp/pulp/pull/2528", - "refsource" : "CONFIRM", - "url" : "https://github.com/pulp/pulp/pull/2528" - }, - { - "name" : "https://pulp.plan.io/issues/1830", - "refsource" : "CONFIRM", - "url" : "https://pulp.plan.io/issues/1830" - }, - { - "name" : "RHBA-2016:1501", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2016:1501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=1146475", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=1146475" + }, + { + "name": "https://github.com/pulp/pulp/pull/2528", + "refsource": "CONFIRM", + "url": "https://github.com/pulp/pulp/pull/2528" + }, + { + "name": "RHBA-2016:1501", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2016:1501" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325934", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325934" + }, + { + "name": "https://pulp.plan.io/issues/1830", + "refsource": "CONFIRM", + "url": "https://pulp.plan.io/issues/1830" + }, + { + "name": "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3143.json b/2016/3xxx/CVE-2016-3143.json index a45c75742a1..67a245bf4e9 100644 --- a/2016/3xxx/CVE-2016-3143.json +++ b/2016/3xxx/CVE-2016-3143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3634.json b/2016/3xxx/CVE-2016-3634.json index 7137464a225..f105e89f3b9 100644 --- a/2016/3xxx/CVE-2016-3634.json +++ b/2016/3xxx/CVE-2016-3634.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/08/13" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2547", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2547" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "93335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/08/13" + }, + { + "name": "93335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93335" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2547", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2547" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6514.json b/2016/6xxx/CVE-2016-6514.json index 81fceb737d3..97f06e4e56d 100644 --- a/2016/6xxx/CVE-2016-6514.json +++ b/2016/6xxx/CVE-2016-6514.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6514", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6514", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6898.json b/2016/6xxx/CVE-2016-6898.json index 227dc0d546b..a317aff1eeb 100644 --- a/2016/6xxx/CVE-2016-6898.json +++ b/2016/6xxx/CVE-2016-6898.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en" - }, - { - "name" : "92620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92620" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7567.json b/2016/7xxx/CVE-2016-7567.json index 0910229d436..b1521a90506 100644 --- a/2016/7xxx/CVE-2016-7567.json +++ b/2016/7xxx/CVE-2016-7567.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45804", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45804/" - }, - { - "name" : "[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/27/4" - }, - { - "name" : "[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/28/1" - }, - { - "name" : "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/" - }, - { - "name" : "GLSA-201707-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-05" - }, - { - "name" : "93186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/27/4" + }, + { + "name": "93186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93186" + }, + { + "name": "[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/28/1" + }, + { + "name": "GLSA-201707-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-05" + }, + { + "name": "45804", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45804/" + }, + { + "name": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7744.json b/2016/7xxx/CVE-2016-7744.json index 82815465cfc..bb0784fa25f 100644 --- a/2016/7xxx/CVE-2016-7744.json +++ b/2016/7xxx/CVE-2016-7744.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7744", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7744", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7837.json b/2016/7xxx/CVE-2016-7837.json index 3ddf1c13ed8..646aed8f840 100644 --- a/2016/7xxx/CVE-2016-7837.json +++ b/2016/7xxx/CVE-2016-7837.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-7837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BlueZ", - "version" : { - "version_data" : [ - { - "version_value" : "5.41 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "BlueZ Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-7837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BlueZ", + "version": { + "version_data": [ + { + "version_value": "5.41 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "BlueZ Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601" - }, - { - "name" : "JVN#38755305", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN38755305/index.html" - }, - { - "name" : "95067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#38755305", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN38755305/index.html" + }, + { + "name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601" + }, + { + "name": "95067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95067" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7918.json b/2016/7xxx/CVE-2016-7918.json index 1ebeb111db0..8230d86d59a 100644 --- a/2016/7xxx/CVE-2016-7918.json +++ b/2016/7xxx/CVE-2016-7918.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file