From 3da2f6393678de3608577cda54f15474dde79c53 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 22:06:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0140.json | 180 +++++++++----------
 2006/0xxx/CVE-2006-0152.json | 160 ++++++++---------
 2006/0xxx/CVE-2006-0311.json | 190 ++++++++++----------
 2006/0xxx/CVE-2006-0322.json | 170 +++++++++---------
 2006/0xxx/CVE-2006-0351.json | 220 +++++++++++------------
 2006/0xxx/CVE-2006-0889.json | 160 ++++++++---------
 2006/1xxx/CVE-2006-1057.json | 220 +++++++++++------------
 2006/1xxx/CVE-2006-1065.json | 140 +++++++--------
 2006/1xxx/CVE-2006-1289.json | 250 +++++++++++++-------------
 2006/1xxx/CVE-2006-1471.json | 200 ++++++++++-----------
 2006/1xxx/CVE-2006-1604.json | 150 ++++++++--------
 2006/4xxx/CVE-2006-4598.json | 170 +++++++++---------
 2006/4xxx/CVE-2006-4951.json | 160 ++++++++---------
 2006/4xxx/CVE-2006-4970.json | 160 ++++++++---------
 2006/5xxx/CVE-2006-5919.json | 170 +++++++++---------
 2010/0xxx/CVE-2010-0787.json | 290 +++++++++++++++---------------
 2010/0xxx/CVE-2010-0876.json | 140 +++++++--------
 2010/0xxx/CVE-2010-0901.json | 120 ++++++-------
 2010/2xxx/CVE-2010-2038.json | 160 ++++++++---------
 2010/2xxx/CVE-2010-2084.json | 120 ++++++-------
 2010/2xxx/CVE-2010-2988.json | 130 +++++++-------
 2010/3xxx/CVE-2010-3242.json | 140 +++++++--------
 2010/3xxx/CVE-2010-3415.json | 140 +++++++--------
 2010/3xxx/CVE-2010-3646.json | 330 +++++++++++++++++------------------
 2010/3xxx/CVE-2010-3733.json | 140 +++++++--------
 2010/4xxx/CVE-2010-4384.json | 150 ++++++++--------
 2010/4xxx/CVE-2010-4478.json | 180 +++++++++----------
 2010/4xxx/CVE-2010-4818.json | 210 +++++++++++-----------
 2010/4xxx/CVE-2010-4825.json | 160 ++++++++---------
 2010/4xxx/CVE-2010-4918.json | 150 ++++++++--------
 2011/5xxx/CVE-2011-5053.json | 170 +++++++++---------
 2011/5xxx/CVE-2011-5257.json | 150 ++++++++--------
 2014/3xxx/CVE-2014-3148.json | 150 ++++++++--------
 2014/3xxx/CVE-2014-3524.json | 210 +++++++++++-----------
 2014/4xxx/CVE-2014-4009.json | 150 ++++++++--------
 2014/4xxx/CVE-2014-4085.json | 150 ++++++++--------
 2014/4xxx/CVE-2014-4138.json | 180 +++++++++----------
 2014/4xxx/CVE-2014-4542.json | 120 ++++++-------
 2014/4xxx/CVE-2014-4758.json | 150 ++++++++--------
 2014/8xxx/CVE-2014-8453.json | 120 ++++++-------
 2014/8xxx/CVE-2014-8511.json | 130 +++++++-------
 2014/8xxx/CVE-2014-8729.json | 34 ++--
 2014/8xxx/CVE-2014-8743.json | 160 ++++++++---------
 2014/8xxx/CVE-2014-8773.json | 130 +++++++-------
 2014/9xxx/CVE-2014-9226.json | 160 ++++++++---------
 2014/9xxx/CVE-2014-9377.json | 160 ++++++++---------
 2014/9xxx/CVE-2014-9493.json | 170 +++++++++---------
 2014/9xxx/CVE-2014-9600.json | 130 +++++++-------
 2014/9xxx/CVE-2014-9706.json | 180 +++++++++----------
 2016/2xxx/CVE-2016-2129.json | 34 ++--
 2016/2xxx/CVE-2016-2331.json | 120 ++++++-------
 2016/2xxx/CVE-2016-2427.json | 120 ++++++-------
 2016/3xxx/CVE-2016-3693.json | 180 +++++++++----------
 2016/3xxx/CVE-2016-3973.json | 150 ++++++++--------
 2016/6xxx/CVE-2016-6047.json | 166 +++++++++---------
 2016/6xxx/CVE-2016-6144.json | 160 ++++++++---------
 2016/6xxx/CVE-2016-6237.json | 130 +++++++-------
 2016/6xxx/CVE-2016-6248.json | 34 ++--
 2016/6xxx/CVE-2016-6479.json | 34 ++--
 2016/6xxx/CVE-2016-6760.json | 136 +++++++--------
 2016/7xxx/CVE-2016-7314.json | 34 ++--
 2016/7xxx/CVE-2016-7598.json | 180 +++++++++----------
 2016/7xxx/CVE-2016-7919.json | 140 +++++++--------
 2016/7xxx/CVE-2016-7950.json | 200 ++++++++++-----------
 64 files changed, 4941 insertions(+), 4941 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0140.json b/2006/0xxx/CVE-2006-0140.json
index ed2632789fa..25e32048942 100644
--- a/2006/0xxx/CVE-2006-0140.json
+++ b/2006/0xxx/CVE-2006-0140.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060107 [eVuln] NavBoard BBcode XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421149/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/19/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/19/summary.html" - }, - { - "name" : "16165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16165" - }, - { - "name" : "ADV-2006-0092", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0092" - }, - { - "name" : "22277", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22277" - }, - { - "name" : "18345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18345" 
- }, - { - "name" : "navboard-post-xss(24021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18345" + }, + { + "name": "22277", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22277" + }, + { + "name": "navboard-post-xss(24021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24021" + }, + { + "name": "16165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16165" + }, + { + "name": "http://evuln.com/vulns/19/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/19/summary.html" + }, + { + "name": "20060107 [eVuln] NavBoard BBcode XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421149/100/0/threaded" + }, + { + "name": "ADV-2006-0092", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0092" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0152.json b/2006/0xxx/CVE-2006-0152.json index 72f9297bd7f..2d8dc6a5c37 100644 --- a/2006/0xxx/CVE-2006-0152.json +++ b/2006/0xxx/CVE-2006-0152.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16180" - }, - { - "name" : "ADV-2006-0094", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0094" - }, - { - "name" : "22282", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22282" - }, - { - "name" : "18360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18360" - }, - { - "name" : "phpchamber-searchresult-xss(24029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18360" + }, + { + "name": "16180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16180" + }, + { + "name": "ADV-2006-0094", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0094" + }, + { + "name": "22282", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22282" + }, + { + "name": "phpchamber-searchresult-xss(24029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24029" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0311.json b/2006/0xxx/CVE-2006-0311.json index f0d67358ac2..c7ba634976c 100644 --- a/2006/0xxx/CVE-2006-0311.json +++ b/2006/0xxx/CVE-2006-0311.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 [eVuln] aoblogger Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html" - }, - { - "name" : "http://evuln.com/vulns/37/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/37/summary.html" - }, - { - "name" : "http://mikeheltonisawesome.com/viewcomments.php?idd=46", - "refsource" : "CONFIRM", - "url" : "http://mikeheltonisawesome.com/viewcomments.php?idd=46" - }, - { - "name" : "16286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16286" - }, - { - "name" : "ADV-2006-0240", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0240" - }, - { - "name" : "22527", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/22527" - }, - { - "name" : "16889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16889" - }, - { - "name" : "aoblogger-login-sql-injection(24142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16889" + }, + { + "name": "ADV-2006-0240", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0240" + }, + { + "name": "20060117 [eVuln] aoblogger Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0322.html" + }, + { + "name": "http://mikeheltonisawesome.com/viewcomments.php?idd=46", + "refsource": "CONFIRM", + "url": "http://mikeheltonisawesome.com/viewcomments.php?idd=46" + }, + { + "name": "http://evuln.com/vulns/37/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/37/summary.html" + }, + { + "name": "aoblogger-login-sql-injection(24142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24142" + }, + { + "name": "16286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16286" + }, + { + "name": "22527", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22527" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0322.json b/2006/0xxx/CVE-2006-0322.json index 4a8ae0bada5..ea0fd7a0580 100644 
--- a/2006/0xxx/CVE-2006-0322.json +++ b/2006/0xxx/CVE-2006-0322.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via \"certain malformed links.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=386609", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=386609" - }, - { - "name" : "SUSE-SR:2006:003", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html" - }, - { - "name" : "ADV-2006-0392", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0392" - }, - { - "name" : "18711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18711" - }, - { - "name" : "18717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18717" - }, - { - "name" : "mediawiki-comment-format-dos(24478)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via \"certain malformed links.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0392", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0392" + }, + { + "name": "SUSE-SR:2006:003", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=386609", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=386609" + }, + { + "name": "18717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18717" + }, + { + "name": "mediawiki-comment-format-dos(24478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24478" + }, + { + "name": "18711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18711" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0351.json b/2006/0xxx/CVE-2006-0351.json index eb0bdff29c5..bdbad8c1c49 100644 --- a/2006/0xxx/CVE-2006-0351.json +++ b/2006/0xxx/CVE-2006-0351.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified \"critical denial-of-service vulnerability\" in MyDNS before 1.1.0 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mydns.bboy.net/download/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://mydns.bboy.net/download/changelog.html" - }, - { - "name" : "DSA-963", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-963" - }, - { - "name" : "GLSA-200601-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-16.xml" - }, - { - "name" : "16431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16431" - }, - { - "name" : "ADV-2006-0256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0256" - }, - { - "name" : "22636", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22636" - }, - { - "name" : "1015521", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015521" 
- }, - { - "name" : "18532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18532" - }, - { - "name" : "18653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18653" - }, - { - "name" : "18641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18641" - }, - { - "name" : "mydns-query-dos(24228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified \"critical denial-of-service vulnerability\" in MyDNS before 1.1.0 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-963", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-963" + }, + { + "name": "mydns-query-dos(24228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24228" + }, + { + "name": "18653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18653" + }, + { + "name": "http://mydns.bboy.net/download/changelog.html", + "refsource": "CONFIRM", + "url": "http://mydns.bboy.net/download/changelog.html" + }, + { + "name": "18641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18641" + }, + { + "name": "16431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16431" + }, + { + "name": "GLSA-200601-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-16.xml" + }, + { + "name": "18532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18532" + }, + { + "name": "ADV-2006-0256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0256" + }, + { + "name": "1015521", + 
"refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015521" + }, + { + "name": "22636", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22636" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0889.json b/2006/0xxx/CVE-2006-0889.json index 0abb30afc6f..3dde979a989 100644 --- a/2006/0xxx/CVE-2006-0889.json +++ b/2006/0xxx/CVE-2006-0889.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16851" - }, - { - "name" : "ADV-2006-0724", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0724" - }, - { - "name" : "23471", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23471" - }, - { - "name" : "19007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19007" - }, - { - "name" : "calcium-eventtext-xss(24907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0724", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0724" + }, + { + "name": "19007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19007" + }, + { + "name": "16851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16851" + }, + { + "name": "23471", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23471" + }, + { + "name": "calcium-eventtext-xss(24907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24907" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1057.json b/2006/1xxx/CVE-2006-1057.json index 425d9e305f2..d702234fa7e 100644 --- a/2006/1xxx/CVE-2006-1057.json +++ b/2006/1xxx/CVE-2006-1057.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303" - }, - { - "name" : "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261", - "refsource" : "CONFIRM", - "url" : "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261" - }, - { - "name" : "DSA-1040", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1040" - }, - { - "name" : "FEDORA-2006-338", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html" - }, - { - "name" : "MDKSA-2006:083", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:083" - }, - { - "name" : "RHSA-2007:0286", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0286.html" - }, - { - "name" : "USN-278-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/278-1/" - }, - { - "name" : "17635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17635" - }, - { - "name" : "oval:org.mitre.oval:def:10092", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092" - }, - { - "name" : "ADV-2006-1465", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1465" - }, - { - "name" : "gdm-slavec-symlink(26092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gdm-slavec-symlink(26092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26092" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303" + }, + { + "name": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261", + "refsource": "CONFIRM", + "url": "http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261" + }, + { + "name": "ADV-2006-1465", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1465" + }, + { + "name": "MDKSA-2006:083", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:083" + }, + { + "name": "DSA-1040", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1040" + }, + { + "name": "17635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17635" + }, + { + "name": "RHSA-2007:0286", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0286.html" + }, + { + "name": "oval:org.mitre.oval:def:10092", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10092" + }, + { + "name": "FEDORA-2006-338", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html" + }, + { + "name": "USN-278-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/278-1/" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1065.json b/2006/1xxx/CVE-2006-1065.json index c31d9aa69d5..ed2b5d6f8ae 100644 --- a/2006/1xxx/CVE-2006-1065.json +++ b/2006/1xxx/CVE-2006-1065.json 
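Review bot: The `ASSIGNER` value in CVE-2006-1057.json changes from `cve@mitre.org` to `secalert@redhat.com`, which is a change to the record's provenance metadata rather than the key-spacing and reference-order churn that makes up the rest of this hunk and the other hunks visible on this page. The commit subject ("-Synchronized-Data.") gives no hint of it, so anyone auditing which party is recorded as assigner for this CVE has to find it by reading a 220-line reformat; a line in the commit message such as `CVE-2006-1057: ASSIGNER updated to secalert@redhat.com` would make the change traceable. Downstream consumers that key on `CVE_data_meta.ASSIGNER` should treat the field as mutable between syncs. The new side also ends without a trailing newline (`\ No newline at end of file`), here and in the other files shown, which is worth confirming as intended for tools that concatenate or line-process these records.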
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060302 MyBB 1.0.4 New SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426631/100/0/threaded" - }, - { - "name" : "19061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19061" - }, - { - "name" : "mybb-search-sql-injection(25018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybb-search-sql-injection(25018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25018" + }, + { + "name": "19061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19061" + }, + { + "name": "20060302 MyBB 1.0.4 New SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426631/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1289.json b/2006/1xxx/CVE-2006-1289.json index c53ed0502df..0075d273480 100644 --- a/2006/1xxx/CVE-2006-1289.json +++ b/2006/1xxx/CVE-2006-1289.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060316 Milkeyway Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427890/100/0/threaded" - }, - { - "name" : "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt" - }, - { - "name" : "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt" - }, - { - "name" : "17127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17127" - }, - { - "name" : "ADV-2006-0968", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0968" - }, - { - "name" : "23925", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23925" - }, - { - "name" : "23927", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23927" - }, - { - "name" : "23928", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23928" - }, - { - "name" : "23929", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23929" - }, - { - "name" : "23931", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23931" - }, - { - "name" : "1015778", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015778" - }, - { - "name" : "19258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19258" - }, - { - "name" : "milkeyway-admin-sql-injection(25287)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25287" - }, - { - "name" : "milkeyway-multiple-sql-injection(25281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060316 Milkeyway Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427890/100/0/threaded" + }, + { + "name": "1015778", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015778" + }, + { + "name": "23928", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23928" + }, + { + "name": "17127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17127" + }, + { + "name": "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt" + }, + { + "name": "milkeyway-multiple-sql-injection(25281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25281" + }, + { + "name": "23929", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23929" + }, + { + "name": "23925", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23925" + }, + { + "name": "ADV-2006-0968", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0968" + }, + { + "name": "23931", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23931" + }, + { + "name": "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt" + }, + { + "name": "23927", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23927" + }, + { + "name": "19258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19258" + }, + { + "name": "milkeyway-admin-sql-injection(25287)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25287" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/1xxx/CVE-2006-1471.json b/2006/1xxx/CVE-2006-1471.json index 3a9d42b7e3e..7c69b9c593f 100644 --- a/2006/1xxx/CVE-2006-1471.json +++ b/2006/1xxx/CVE-2006-1471.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060629 DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability'", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438699/100/0/threaded" - }, - { - "name" : "APPLE-SA-2006-06-27", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html" - }, - { - "name" : "18686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18686" - }, - { - "name" : "18724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18724" - }, - { - "name" : "ADV-2006-2566", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2566" - }, - { - "name" : "26933", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26933" - }, - { - "name" : "1016397", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016397" - }, - { - "name" : "20877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20877" - }, - { - "name" : "macosx-launchd-format-string(27479)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-06-27", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html" + }, + { + "name": "1016397", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016397" + }, + { + "name": "18686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18686" + }, + { + "name": "macosx-launchd-format-string(27479)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27479" + }, + { + "name": "20060629 DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability'", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438699/100/0/threaded" + }, + { + "name": "26933", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26933" + }, + { + "name": "20877", + "refsource": "SECUNIA", 
+ "url": "http://secunia.com/advisories/20877" + }, + { + "name": "ADV-2006-2566", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2566" + }, + { + "name": "18724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18724" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1604.json b/2006/1xxx/CVE-2006-1604.json index 2230bed1957..d55c7ea4047 100644 --- a/2006/1xxx/CVE-2006-1604.json +++ b/2006/1xxx/CVE-2006-1604.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not \"typecasted.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524" - }, - { - "name" : "17357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17357" - }, - { - "name" : "ADV-2006-1201", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1201" - }, - { - "name" : "19498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has 
unknown impact and remote attack vectors related to variables that are not \"typecasted.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1201", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1201" + }, + { + "name": "19498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19498" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524" + }, + { + "name": "17357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17357" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4598.json b/2006/4xxx/CVE-2006-4598.json index 5f6ca3f6a50..2375569674c 100644 --- a/2006/4xxx/CVE-2006-4598.json +++ b/2006/4xxx/CVE-2006-4598.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060902 ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445009/100/0/threaded" - }, - { - "name" : "20060928 Re: ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447319/100/0/threaded" - }, - { - "name" : "19815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19815" - }, - { - "name" : "ADV-2006-3443", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3443" - }, - { - "name" : "21736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21736" - }, - { - "name" : "1505", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/1505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21736" + }, + { + "name": "20060928 Re: ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447319/100/0/threaded" + }, + { + "name": "ADV-2006-3443", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3443" + }, + { + "name": "1505", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1505" + }, + { + "name": "20060902 ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445009/100/0/threaded" + }, + { + "name": "19815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19815" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4951.json b/2006/4xxx/CVE-2006-4951.json index 51ad57455e2..d35446c3d09 100644 --- a/2006/4xxx/CVE-2006-4951.json +++ b/2006/4xxx/CVE-2006-4951.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vuln.sg/neonmail506-en.html", - "refsource" : "MISC", - "url" : "http://vuln.sg/neonmail506-en.html" - }, - { - "name" : "20109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20109" - }, - { - "name" : "84198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84198" - }, - { - "name" : "22029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22029" - }, - { - "name" : "neonwebmail-jsp-file-upload(29086)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20109" + }, + { + "name": "http://vuln.sg/neonmail506-en.html", + "refsource": "MISC", + "url": "http://vuln.sg/neonmail506-en.html" + }, + { + "name": "22029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22029" + }, + { + "name": "84198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84198" + }, + { + "name": "neonwebmail-jsp-file-upload(29086)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29086" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4970.json b/2006/4xxx/CVE-2006-4970.json index 563b4f4ab30..73489348b7d 100644 --- a/2006/4xxx/CVE-2006-4970.json +++ b/2006/4xxx/CVE-2006-4970.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060919 Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446419/100/0/threaded" - }, - { - "name" : "2392", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2392" - }, - { - "name" : "20112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20112" - }, - { - "name" : "1624", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1624" - }, - { - "name" : "piecartpro-content-file-include(29021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "piecartpro-content-file-include(29021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29021" + }, + { + "name": "1624", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1624" + }, + { + "name": "20112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20112" + }, + { + "name": "2392", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2392" + }, + { + "name": "20060919 Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446419/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5919.json b/2006/5xxx/CVE-2006-5919.json index 4a2bdf32f2e..8f9487082e5 100644 --- a/2006/5xxx/CVE-2006-5919.json +++ b/2006/5xxx/CVE-2006-5919.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061108 knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450944/100/0/threaded" - }, - { - "name" : "2364", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2364" - }, - { - "name" : "20020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20020" - }, - { - "name" : "20857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20857" - }, - { - "name" : "1861", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1861" - }, - { - "name" : 
"knowledgebuilder-visedit-file-include(30134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061108 knowledgeBuilder v.2.2.php.NuLL-WDYL=> Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450944/100/0/threaded" + }, + { + "name": "knowledgebuilder-visedit-file-include(30134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30134" + }, + { + "name": "20857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20857" + }, + { + "name": "20020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20020" + }, + { + "name": "1861", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1861" + }, + { + "name": "2364", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2364" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0787.json b/2010/0xxx/CVE-2010-0787.json index 59178b95eb3..b1875b63806 100644 --- a/2010/0xxx/CVE-2010-0787.json +++ b/2010/0xxx/CVE-2010-0787.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.samba.org/?p=samba.git;a=commit;h=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80", - "refsource" : "CONFIRM", - "url" : "http://git.samba.org/?p=samba.git;a=commit;h=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80" - }, - { - "name" : "http://git.samba.org/?p=samba.git;a=commit;h=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5", - "refsource" : "CONFIRM", - "url" : "http://git.samba.org/?p=samba.git;a=commit;h=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=532940", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=532940" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=558833", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=558833" - }, - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=6853", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=6853" - }, - { - "name" : "FEDORA-2010-1190", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html" - }, - { - "name" : "FEDORA-2010-1218", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html" - }, - { - "name" : "GLSA-201206-29", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-29.xml" - }, - { - "name" : "MDVSA-2010:090", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:090" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "USN-893-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-893-1" - }, - { - "name" : "37992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37992" - }, - { - "name" : "39898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39898" - }, - { - "name" : "38286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38286" - }, - { - "name" : "38308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38308" - }, - { - "name" : "38357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38357" - }, - { - "name" : "ADV-2010-1062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1062" - }, - { - "name" : "sambaclient-mountcifs-symlink(55944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55944" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38286" + }, + { + "name": "ADV-2010-1062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1062" + }, + { + "name": "FEDORA-2010-1218", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html" + }, + { + "name": "38308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38308" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=558833", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=558833" + }, + { + "name": "GLSA-201206-29", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-29.xml" + }, + { + "name": "FEDORA-2010-1190", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html" + }, + { + "name": "39898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39898" + }, + { + "name": "http://git.samba.org/?p=samba.git;a=commit;h=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5", + "refsource": "CONFIRM", + "url": "http://git.samba.org/?p=samba.git;a=commit;h=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5" + }, + { + "name": "USN-893-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-893-1" + }, + { + "name": "MDVSA-2010:090", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:090" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=532940", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532940" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "37992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37992" + }, + { + "name": "http://git.samba.org/?p=samba.git;a=commit;h=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80", + "refsource": "CONFIRM", + "url": "http://git.samba.org/?p=samba.git;a=commit;h=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80" + }, + { + "name": "38357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38357" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=6853", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=6853" + }, + { + "name": "sambaclient-mountcifs-symlink(55944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55944" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0876.json b/2010/0xxx/CVE-2010-0876.json index 4dce7d26ea8..5d0723ada37 100644 --- a/2010/0xxx/CVE-2010-0876.json +++ b/2010/0xxx/CVE-2010-0876.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, related to RDC Onsite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "1023872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in 
Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, related to RDC Onsite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "1023872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023872" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0901.json b/2010/0xxx/CVE-2010-0901.json index 32739953952..a2318c5fa4f 100644 --- a/2010/0xxx/CVE-2010-0901.json +++ b/2010/0xxx/CVE-2010-0901.json 
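Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert_us@oracle.com`, and it is the only value change in a hunk that otherwise rewrites every line for `" : "` to `": "` spacing and reorders `reference_data`, so it is easy to miss in review. The hunks for CVE-2010-0901, CVE-2010-3242 and CVE-2010-3646 carry the same kind of assigner change inside the same formatting churn. Since the commit description says only "-Synchronized-Data.", I would put the attribution changes in a commit separate from the whitespace and ordering normalisation, or verify them by comparing parsed JSON rather than the text diff. The new side also ends with `\ No newline at end of file`; keeping the final newline after the closing `}` would avoid that marker on every file.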
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2038.json b/2010/2xxx/CVE-2010-2038.json index 23fd4ce3217..808ea2788c5 100644 --- a/2010/2xxx/CVE-2010-2038.json +++ b/2010/2xxx/CVE-2010-2038.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100520 XSS vulnerability in gpEasy CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511388/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1005-exploits/gpeasycms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/gpeasycms-xss.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_gpeasy_cms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_gpeasy_cms.html" - }, - { - "name" : "40330", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/40330" - }, - { - "name" : "39643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1005-exploits/gpeasycms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/gpeasycms-xss.txt" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_gpeasy_cms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_gpeasy_cms.html" + }, + { + "name": "20100520 XSS vulnerability in gpEasy CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511388/100/0/threaded" + }, + { + "name": "40330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40330" + }, + { + "name": "39643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39643" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2084.json b/2010/2xxx/CVE-2010-2084.json index f86bffc60a2..5cc4bcec3f2 100644 --- a/2010/2xxx/CVE-2010-2084.json +++ b/2010/2xxx/CVE-2010-2084.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", - "refsource" : "MISC", - "url" : "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site 
scripting (XSS) attacks via vectors related to an attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", + "refsource": "MISC", + "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2988.json b/2010/2xxx/CVE-2010-2988.json index fbdb94d56df..aa51065b551 100644 --- a/2010/2xxx/CVE-2010-2988.json +++ b/2010/2xxx/CVE-2010-2988.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" - }, - { - "name" : "40827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" + }, + { + "name": "40827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40827" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3242.json b/2010/3xxx/CVE-2010-3242.json index aad9e2a7695..4bf86e35357 100644 --- a/2010/3xxx/CVE-2010-3242.json +++ b/2010/3xxx/CVE-2010-3242.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Ghost Record Type Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-3242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6902", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2002 SP3, Office 2004 
and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Ghost Record Type Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6902", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6902" + }, + { + "name": "MS10-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3415.json b/2010/3xxx/CVE-2010-3415.json index 4f73ecb1039..a58f3bc34a4 100644 --- a/2010/3xxx/CVE-2010-3415.json +++ b/2010/3xxx/CVE-2010-3415.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=53394", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=53394" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" - }, - { - "name" : "oval:org.mitre.oval:def:7620", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7620", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7620" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=53394", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=53394" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3646.json b/2010/3xxx/CVE-2010-3646.json index 6e88ce93d43..07161916ef6 100644 --- a/2010/3xxx/CVE-2010-3646.json +++ b/2010/3xxx/CVE-2010-3646.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02663", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "SSRT100428", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2" - }, - { - "name" : "RHSA-2010:0829", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0829.html" - }, - { - "name" : "RHSA-2010:0834", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0834.html" - }, - { - "name" : "RHSA-2010:0867", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0867.html" - }, - { - "name" : 
"SUSE-SA:2010:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" - }, - { - "name" : "44682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44682" - }, - { - "name" : "oval:org.mitre.oval:def:11922", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11922" - }, - { - "name" : "oval:org.mitre.oval:def:16183", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16183" - }, - { - "name" : "42183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42183" - }, - { - "name" : "42926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42926" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-2903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2903" - }, - { - "name" : "ADV-2010-2906", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2906" - }, - { - "name" : "ADV-2010-2918", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2918" - }, - { - "name" : "ADV-2011-0173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0173" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different 
vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "42183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42183" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "ADV-2010-2918", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2918" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "RHSA-2010:0834", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0834.html" + }, + { + "name": "44682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44682" + }, + { + "name": "SUSE-SA:2010:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html" + }, + { + "name": "42926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42926" + }, + { + "name": "SSRT100428", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "ADV-2010-2903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2903" + }, + { + "name": "HPSBMA02663", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2" + }, + { + "name": "ADV-2011-0173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0173" + }, + { + "name": "oval:org.mitre.oval:def:11922", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11922" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html" + }, + { + "name": "oval:org.mitre.oval:def:16183", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16183" + }, + { + "name": "ADV-2010-2906", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2906" + }, + { + "name": "RHSA-2010:0867", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0867.html" + }, + { + "name": "RHSA-2010:0829", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0829.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3733.json b/2010/3xxx/CVE-2010-3733.json index a7fc1987fe8..730b34189a0 100644 --- a/2010/3xxx/CVE-2010-3733.json +++ b/2010/3xxx/CVE-2010-3733.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IZ68463", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463" - }, - { - "name" : "oval:org.mitre.oval:def:14707", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Engine Utilities 
component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ68463", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "oval:org.mitre.oval:def:14707", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4384.json b/2010/4xxx/CVE-2010-4384.json index 77dd3953e1d..63520ac84fc 100644 --- a/2010/4xxx/CVE-2010-4384.json +++ b/2010/4xxx/CVE-2010-4384.json 
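Review bot: The `reference_data` array in CVE-2010-3733.json is reordered although its three entries are unchanged (the `IZ68463` entry now precedes the `ftp://public.dhe.ibm.com/...APARLIST.TXT` entry), and the file now ends without a trailing newline (`\ No newline at end of file`). Array order is significant in JSON, so any consumer that diffs, hashes or signs these records sees a content change where only the separator style (`" : "` to `": "`) was meant to move. The serializer should emit references in their existing order, or in one documented sort order, and end the file with a newline; the later hunks in this commit show the same reshuffling.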
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-268", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-268" - }, - { - "name" : "http://service.real.com/realplayer/security/12102010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/12102010_player/en/" - }, - { - "name" : "RHSA-2010:0981", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0981.html" - }, - { - "name" : "1024861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024861" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-268", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-268" + }, + { + "name": "RHSA-2010:0981", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0981.html" + }, + { + "name": "1024861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024861" + }, + { + "name": "http://service.real.com/realplayer/security/12102010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/12102010_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4478.json b/2010/4xxx/CVE-2010-4478.json index 1c411e2d716..ee15d4100b0 100644 --- a/2010/4xxx/CVE-2010-4478.json +++ b/2010/4xxx/CVE-2010-4478.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf", - "refsource" : "MISC", - "url" : "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf" - }, - { - "name" : "https://github.com/seb-m/jpake", - "refsource" : "MISC", - "url" : "https://github.com/seb-m/jpake" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h", - 
"refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=659297", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=659297" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673" - }, - { - "name" : "oval:org.mitre.oval:def:12338", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673" + }, + { + "name": "oval:org.mitre.oval:def:12338", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h" + }, + { + "name": "https://github.com/seb-m/jpake", + "refsource": "MISC", + "url": "https://github.com/seb-m/jpake" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=659297", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297" + }, + { + "name": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf", + "refsource": "MISC", + "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4818.json b/2010/4xxx/CVE-2010-4818.json index b02572b6451..ce91ba351ff 100644 --- a/2010/4xxx/CVE-2010-4818.json +++ b/2010/4xxx/CVE-2010-4818.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110922 CVE Request: Missing input sanitation in various X GLX calls", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/22/7" - }, - { - "name" : "[oss-security] 20110923 Re: CVE Request: Missing input sanitation in various X GLX calls", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/23/4" - }, - { - "name" : "[oss-security] 20110923 Re: CVE Request: Missing input sanitation in various X GLX calls", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/23/6" 
- }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=740954", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=740954" - }, - { - "name" : "http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f" - }, - { - "name" : "http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543" - }, - { - "name" : "http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=28823", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=28823" - }, - { - "name" : "RHSA-2011:1359", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1359.html" - }, - { - "name" : "RHSA-2011:1360", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1360.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=28823", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=28823" + }, + { + "name": "[oss-security] 20110923 Re: CVE Request: Missing input sanitation in various X GLX calls", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/23/6" + }, + { + "name": "RHSA-2011:1359", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1359.html" + }, + { + "name": "RHSA-2011:1360", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1360.html" + }, + { + "name": "[oss-security] 20110923 Re: CVE Request: Missing input sanitation in various X GLX calls", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/23/4" + }, + { + "name": "[oss-security] 20110922 CVE Request: Missing input sanitation in various X GLX calls", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/22/7" + }, + { + "name": "http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=740954", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740954" + }, + { + "name": "http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4" + }, + { + "name": "http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543", + "refsource": "CONFIRM", + "url": 
"http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4825.json b/2010/4xxx/CVE-2010-4825.json index 624cda5b3f5..733f422af5d 100644 --- a/2010/4xxx/CVE-2010-4825.json +++ b/2010/4xxx/CVE-2010-4825.json 
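Review bot: The CVE-2010-4818 hunk changes record provenance inside what otherwise reads as a formatting rewrite: `"ASSIGNER" : "cve@mitre.org"` becomes `"ASSIGNER": "secalert@redhat.com"`. The CVE-2011-5053 hunk does the same, moving `ASSIGNER` to `cert@cert.org`. Tooling that attributes or filters records by assigning CNA will behave differently after this sync, and the commit subject does not mention it. Whether the new values are a deliberate correction cannot be told from the diff, so the assigner changes should go in a separate commit from the whitespace and ordering normalization, or at least be named in the message.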
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Twitter.Feed.0.3.1.Reflected.Cross-site.Scripting/68", - "refsource" : "MISC", - "url" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Twitter.Feed.0.3.1.Reflected.Cross-site.Scripting/68" - }, - { - "name" : "45294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45294" - }, - { - "name" : "69760", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69760" - }, - { - "name" : "42542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42542" - }, - { - "name" : "twitterfeed-url-xss(63942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63942" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.johnleitch.net/Vulnerabilities/WordPress.Twitter.Feed.0.3.1.Reflected.Cross-site.Scripting/68", + "refsource": "MISC", + "url": "http://www.johnleitch.net/Vulnerabilities/WordPress.Twitter.Feed.0.3.1.Reflected.Cross-site.Scripting/68" + }, + { + "name": "42542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42542" + }, + { + "name": "45294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45294" + }, + { + "name": "69760", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69760" + }, + { + "name": "twitterfeed-url-xss(63942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63942" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4918.json b/2010/4xxx/CVE-2010-4918.json index 0ae65258208..2cf7edc7558 100644 --- a/2010/4xxx/CVE-2010-4918.json +++ b/2010/4xxx/CVE-2010-4918.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14896", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14896" - }, - { - "name" : "http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt" - }, - { - "name" : "8451", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8451" - }, - { - "name" : "magazine-functions-file-include(61598)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt" + }, + { + "name": "8451", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8451" + }, + { + "name": "magazine-functions-file-include(61598)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61598" + }, + { + "name": "14896", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14896" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5053.json b/2011/5xxx/CVE-2011-5053.json index a3457067ccb..ecfd285f8a8 100644 --- a/2011/5xxx/CVE-2011-5053.json +++ b/2011/5xxx/CVE-2011-5053.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-5053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/reaver-wps/", - "refsource" : "MISC", - "url" : "http://code.google.com/p/reaver-wps/" - }, - { - "name" : "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf", - "refsource" : "MISC", - "url" : "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf" - }, - { - "name" : "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/", - "refsource" : "MISC", - "url" : "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/" - }, - { - "name" : "20120111 Wi-Fi 
Protected Setup PIN Brute Force Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps" - }, - { - "name" : "TA12-006A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-006A.html" - }, - { - "name" : "VU#723755", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/723755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wi-Fi Protected Setup (WPS) protocol, when the \"external registrar\" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/reaver-wps/", + "refsource": "MISC", + "url": "http://code.google.com/p/reaver-wps/" + }, + { + "name": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/", + "refsource": "MISC", + "url": "http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/" + }, + { + "name": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf", + "refsource": "MISC", + "url": "http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf" + }, + { + "name": "VU#723755", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/723755" + }, + { + "name": "TA12-006A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-006A.html" + }, + { + "name": "20120111 Wi-Fi Protected Setup PIN Brute Force Vulnerability", + "refsource": "CISCO", + "url": 
"http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5257.json b/2011/5xxx/CVE-2011-5257.json index 5ee82779e2f..03cbf14f622 100644 --- a/2011/5xxx/CVE-2011-5257.json +++ b/2011/5xxx/CVE-2011-5257.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18053", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18053" - }, - { - "name" : "http://docs.appthemes.com/classipress/classipress-version-3-1-5/", - "refsource" : "CONFIRM", - "url" : "http://docs.appthemes.com/classipress/classipress-version-3-1-5/" - }, - { - "name" : "76712", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/76712" - }, - { - "name" : "46658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46658" + }, + { + "name": "76712", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/76712" + }, + { + "name": "http://docs.appthemes.com/classipress/classipress-version-3-1-5/", + "refsource": "CONFIRM", + "url": "http://docs.appthemes.com/classipress/classipress-version-3-1-5/" + }, + { + "name": "18053", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18053" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3148.json b/2014/3xxx/CVE-2014-3148.json index 84bfb3e6f34..f8f1373b4b5 100644 --- a/2014/3xxx/CVE-2014-3148.json +++ b/2014/3xxx/CVE-2014-3148.json 
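Review bot: The new side of this file ends with `}` and the marker `\ No newline at end of file`, while the removed `}` carried no such marker, so the rewrite drops the trailing line feed. Line-oriented tools (`cat`, `wc -l`, concatenating records into a feed) handle a file without a final newline less predictably, and every later edit to the last line will show up as a two-line change. The closing `}` should be followed by a single `\n`. The same marker appears in the hunks for CVE-2014-3148, CVE-2014-3524, CVE-2014-4009, CVE-2014-4085, CVE-2014-4138, CVE-2014-4542, CVE-2014-4758, CVE-2014-8453 and CVE-2014-8511, so the fix presumably belongs in whatever exporter wrote these files, which is not shown here.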
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/128338/OKCupid-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128338/OKCupid-Cross-Site-Scripting.html" - }, - { - "name" : "https://hackerone.com/reports/3317", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/3317" - }, - { - "name" : "https://twitter.com/infosecmaverick/status/462573038299803648", - "refsource" : "MISC", - "url" : "https://twitter.com/infosecmaverick/status/462573038299803648" - }, - { - "name" : "https://github.com/okws/okws/commit/e9bedb644d106a043e33e1058bedd1c2c0b2e2e0", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/okws/okws/commit/e9bedb644d106a043e33e1058bedd1c2c0b2e2e0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128338/OKCupid-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128338/OKCupid-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/okws/okws/commit/e9bedb644d106a043e33e1058bedd1c2c0b2e2e0", + "refsource": "CONFIRM", + "url": "https://github.com/okws/okws/commit/e9bedb644d106a043e33e1058bedd1c2c0b2e2e0" + }, + { + "name": "https://twitter.com/infosecmaverick/status/462573038299803648", + "refsource": "MISC", + "url": "https://twitter.com/infosecmaverick/status/462573038299803648" + }, + { + "name": "https://hackerone.com/reports/3317", + "refsource": "MISC", + "url": "https://hackerone.com/reports/3317" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3524.json b/2014/3xxx/CVE-2014-3524.json index 9f0ac7f7060..02264209c92 100644 --- a/2014/3xxx/CVE-2014-3524.json +++ b/2014/3xxx/CVE-2014-3524.json 
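Review bot: The four `reference_data` entries in this hunk are the same on both sides but come out in a different order (old: packetstorm, hackerone, twitter, github commit; new: packetstorm, github commit, twitter, hackerone), and the new order follows neither `refsource` nor `name`. Array order is significant in JSON, so a consumer that takes the first `CONFIRM` or first reference gets a different answer after this sync even though no data changed. It also hides real additions or removals in later diffs. Emitting the array in a stable order, for example sorted by `refsource` then `name`, would keep future synchronisation diffs limited to actual content changes. The same reorder-only churn is visible in the CVE-2011-5257, CVE-2014-4009 and CVE-2014-8511 hunks.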
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533200/100/0/threaded" - }, - { - "name" : "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/", - "refsource" : "CONFIRM", - "url" : "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2014-3524.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2014-3524.html" - }, - { - "name" : "GLSA-201603-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-05" - }, - { - "name" : "69351", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/69351" - }, - { - "name" : "1030755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030755" - }, - { - "name" : "59600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59600" - }, - { - "name" : "60235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60235" - }, - { - "name" : "59877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59877" - }, - { - "name" : "apache-openoffice-cve20143524-command-exec(95421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69351" + }, + { + "name": "60235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60235" + }, + { + "name": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/", + "refsource": "CONFIRM", + "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/" + }, + { + "name": "20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533200/100/0/threaded" + }, + { + "name": "apache-openoffice-cve20143524-command-exec(95421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95421" + }, + { + "name": "1030755", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1030755" + }, + { + "name": "59877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59877" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2014-3524.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2014-3524.html" + }, + { + "name": "GLSA-201603-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-05" + }, + { + "name": "59600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59600" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4009.json b/2014/4xxx/CVE-2014-4009.json index 3069d39a432..babffa8f14a 100644 --- a/2014/4xxx/CVE-2014-4009.json +++ b/2014/4xxx/CVE-2014-4009.json 
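Review bot: `"ASSIGNER": "cve@mitre.org"` becomes `"ASSIGNER": "secalert@redhat.com"` in this hunk, and it is the only change of meaning among the key-spacing, indentation and reference-order rewrites. The commit subject does not mention it. Anyone who attributes records to a CNA, or who filters the feed on `ASSIGNER`, should treat this as a data change and re-ingest the record rather than skip the commit as formatting. The same reassignment away from `cve@mitre.org` occurs in the hunks for CVE-2014-4085 and CVE-2014-4138 (`secure@microsoft.com`), CVE-2014-4758 (`psirt@us.ibm.com`) and CVE-2014-8453 (`psirt@adobe.com`). Putting assigner updates in a commit separate from the whitespace normalisation would make them auditable.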
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140606 [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/36" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1911174", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1911174" - }, - { - "name" : "67920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP CCMS Monitoring (BC-CCM-MON) has 
hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67920" + }, + { + "name": "https://service.sap.com/sap/support/notes/1911174", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1911174" + }, + { + "name": "20140606 [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/36" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4085.json b/2014/4xxx/CVE-2014-4085.json index b3cb365cc11..c847b93bb24 100644 --- a/2014/4xxx/CVE-2014-4085.json +++ b/2014/4xxx/CVE-2014-4085.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69589" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - }, - { - "name" : "ms-ie-cve20144085-code-exec(95515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69589" + }, + { + "name": "ms-ie-cve20144085-code-exec(95515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95515" + }, + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4138.json b/2014/4xxx/CVE-2014-4138.json index d7722f893fc..131c497e698 100644 --- a/2014/4xxx/CVE-2014-4138.json +++ b/2014/4xxx/CVE-2014-4138.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4130 and CVE-2014-4132." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40960", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40960/" - }, - { - "name" : "http://blog.skylined.nl/20161221001.html", - "refsource" : "MISC", - "url" : "http://blog.skylined.nl/20161221001.html" - }, - { - "name" : "http://packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html" - }, - { - "name" : "MS14-056", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" - }, - { - "name" : "70340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70340" - }, - { - "name" : "1031018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031018" - }, - { - "name" : "60968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4130 and CVE-2014-4132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70340" + }, + { + "name": "60968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60968" + }, + { + "name": "http://packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html" + }, + { + "name": "40960", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40960/" + }, + { + "name": "1031018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031018" + }, + { + "name": "MS14-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056" + }, + { + "name": "http://blog.skylined.nl/20161221001.html", + 
"refsource": "MISC", + "url": "http://blog.skylined.nl/20161221001.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4542.json b/2014/4xxx/CVE-2014-4542.json index e4c0e64f46b..2ba3428f9cb 100644 --- a/2014/4xxx/CVE-2014-4542.json +++ b/2014/4xxx/CVE-2014-4542.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-ooorl-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-ooorl-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-ooorl-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-ooorl-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4758.json b/2014/4xxx/CVE-2014-4758.json index 01923eba090..a80bf72d930 100644 --- a/2014/4xxx/CVE-2014-4758.json +++ b/2014/4xxx/CVE-2014-4758.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680795", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680795" - }, - { - "name" : "JR50215", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215" - }, - { - "name" : "60851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60851" - }, - { - "name" : "ibm-websphere-cve20144758-sec-bypass(94485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR50215", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680795", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680795" + }, + { + "name": "60851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60851" + }, + { + "name": "ibm-websphere-cve20144758-sec-bypass(94485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94485" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8453.json b/2014/8xxx/CVE-2014-8453.json index ea53e456e32..9d2cb380d43 100644 --- a/2014/8xxx/CVE-2014-8453.json +++ b/2014/8xxx/CVE-2014-8453.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-8453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8511.json b/2014/8xxx/CVE-2014-8511.json index 3e5e4a0b974..4b5956058f2 100644 --- a/2014/8xxx/CVE-2014-8511.json +++ b/2014/8xxx/CVE-2014-8511.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows 
remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-344-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-350-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8729.json b/2014/8xxx/CVE-2014-8729.json index 9c926e9f304..d16d5164dbe 100644 --- a/2014/8xxx/CVE-2014-8729.json +++ b/2014/8xxx/CVE-2014-8729.json 
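Review bot: The new side of this file ends with `}` followed by the marker `\ No newline at end of file`, while the removed `}` line carries no such marker, so the rewrite drops the trailing newline. Every other hunk visible in this part of the patch does the same. Text tools that concatenate or line-count these records will treat the last line as unterminated; the serializer should write a final `\n` after the closing brace.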
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8729", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8729", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8743.json b/2014/8xxx/CVE-2014-8743.json index d3a721cb957..26873d0a7c3 100644 --- a/2014/8xxx/CVE-2014-8743.json +++ b/2014/8xxx/CVE-2014-8743.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/2200453", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2200453" - }, - { - "name" : "https://www.drupal.org/node/2013653", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2013653" - }, - { - "name" : "65677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65677" - }, - { - "name" : "56790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56790" - }, - { - "name" : "maestro-drupal-xss(91274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2013653", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2013653" + }, + { + "name": "56790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56790" + }, + { + "name": "https://drupal.org/node/2200453", + "refsource": "MISC", + "url": "https://drupal.org/node/2200453" + }, + { + "name": "maestro-drupal-xss(91274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91274" + }, + { + "name": "65677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65677" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8773.json b/2014/8xxx/CVE-2014-8773.json index 950c270a69d..a192c1ebae5 100644 --- a/2014/8xxx/CVE-2014-8773.json +++ b/2014/8xxx/CVE-2014-8773.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hacktivity.websecgeeks.com/modx-csrf-and-xss/", - "refsource" : "MISC", - "url" : "http://hacktivity.websecgeeks.com/modx-csrf-and-xss/" - }, - { - "name" : "http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior", - "refsource" : "CONFIRM", - "url" : "http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token 
or via a (2) long string in the CSRF token parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hacktivity.websecgeeks.com/modx-csrf-and-xss/", + "refsource": "MISC", + "url": "http://hacktivity.websecgeeks.com/modx-csrf-and-xss/" + }, + { + "name": "http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior", + "refsource": "CONFIRM", + "url": "http://forums.modx.com/thread/92152/critical-login-xss-csrf-revolution-2-2-1-4-and-prior" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9226.json b/2014/9xxx/CVE-2014-9226.json index b3a1a18877f..20d4e28bf56 100644 --- a/2014/9xxx/CVE-2014-9226.json +++ b/2014/9xxx/CVE-2014-9226.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-9226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534527/100/0/threaded" - }, - { - "name" : "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/91" - }, - { - "name" : "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00" - }, - { - "name" : "72095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00" + }, + { + "name": "72095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72095" + }, + { + "name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html", + "refsource": "MISC", + "url": 
"http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html" + }, + { + "name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/91" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9377.json b/2014/9xxx/CVE-2014-9377.json index 690d4a59faf..4f1b517973e 100644 --- a/2014/9xxx/CVE-2014-9377.json +++ b/2014/9xxx/CVE-2014-9377.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534248/100/0/threaded" - }, - { - "name" : "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/", - "refsource" : "MISC", - "url" : "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/" - }, - { - "name" : "https://github.com/Ettercap/ettercap/pull/603", - "refsource" : "CONFIRM", - "url" : "https://github.com/Ettercap/ettercap/pull/603" - }, - { - "name" : "GLSA-201505-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201505-01" - }, - { - "name" : "71690", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/71690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201505-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201505-01" + }, + { + "name": "https://github.com/Ettercap/ettercap/pull/603", + "refsource": "CONFIRM", + "url": "https://github.com/Ettercap/ettercap/pull/603" + }, + { + "name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/", + "refsource": "MISC", + "url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/" + }, + { + "name": "71690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71690" + }, + { + "name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9493.json b/2014/9xxx/CVE-2014-9493.json index 058be77baa1..acffa60b446 100644 --- a/2014/9xxx/CVE-2014-9493.json +++ b/2014/9xxx/CVE-2014-9493.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html" - }, - { - "name" : "https://bugs.launchpad.net/glance/+bug/1400966", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/glance/+bug/1400966" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "https://security.openstack.org/ossa/OSSA-2014-041.html", - "refsource" : "CONFIRM", - 
"url" : "https://security.openstack.org/ossa/OSSA-2014-041.html" - }, - { - "name" : "RHSA-2015:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0246.html" - }, - { - "name" : "71688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html" + }, + { + "name": "https://bugs.launchpad.net/glance/+bug/1400966", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/glance/+bug/1400966" + }, + { + "name": "https://security.openstack.org/ossa/OSSA-2014-041.html", + "refsource": "CONFIRM", + "url": "https://security.openstack.org/ossa/OSSA-2014-041.html" + }, + { + "name": "71688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71688" + }, + { + "name": "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/9xxx/CVE-2014-9600.json b/2014/9xxx/CVE-2014-9600.json index dd76a2ff9c2..8632c8865c2 100644 --- a/2014/9xxx/CVE-2014-9600.json +++ b/2014/9xxx/CVE-2014-9600.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129764/iExplorer-3.6.3.0-DLL-Hijacking.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129764/iExplorer-3.6.3.0-DLL-Hijacking.html" - }, - { - "name" : "macroplant-iexplorer-dll-code-execution(99833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129764/iExplorer-3.6.3.0-DLL-Hijacking.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129764/iExplorer-3.6.3.0-DLL-Hijacking.html" + }, + { + "name": "macroplant-iexplorer-dll-code-execution(99833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99833" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9706.json b/2014/9xxx/CVE-2014-9706.json index 0d6e8d59a9f..1fb74d1106e 100644 --- a/2014/9xxx/CVE-2014-9706.json +++ b/2014/9xxx/CVE-2014-9706.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-9706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dulwich-users] 20141219 Re: Git vulnerability CVE-2014-9390", - "refsource" : "MLIST", - "url" : "https://lists.launchpad.net/dulwich-users/msg00827.html" - }, - { - "name" : "[oss-security] 20150321 Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/21/1" - }, - { - "name" : "[oss-security] 20150322 Re: Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/22/26" - }, - { - "name" : 
"https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176" - }, - { - "name" : "DSA-3206", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3206" - }, - { - "name" : "FEDORA-2015-4534", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154551.html" - }, - { - "name" : "FEDORA-2015-4575", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3206", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3206" + }, + { + "name": "FEDORA-2015-4534", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154551.html" + }, + { + "name": "https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176" + }, + { + "name": "[oss-security] 20150322 Re: Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/22/26" + }, + { + "name": "[oss-security] 20150321 Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/21/1" + }, + { + "name": "[dulwich-users] 20141219 Re: Git vulnerability CVE-2014-9390", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/dulwich-users/msg00827.html" + }, + { + "name": "FEDORA-2015-4575", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2129.json b/2016/2xxx/CVE-2016-2129.json index 469974f218b..d113f6cc51a 100644 --- a/2016/2xxx/CVE-2016-2129.json +++ b/2016/2xxx/CVE-2016-2129.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2129", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2129", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2331.json b/2016/2xxx/CVE-2016-2331.json index 6f2df4a3554..1e3c63bc02a 100644 --- a/2016/2xxx/CVE-2016-2331.json +++ b/2016/2xxx/CVE-2016-2331.json 
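Review bot: Key order in this record differs from the other files rewritten in this commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, whereas the sibling records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON key order carries no meaning, but a second ordering suggests this record went through a different serializer path, and it is likely to cause reorder-only diffs on later syncs. Writing the keys in the same order as the other records, with `"CVE_data_meta"` first and `"ASSIGNER"` ahead of `"ID"`, would keep the history readable.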
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#822980", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/822980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#822980", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/822980" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2427.json b/2016/2xxx/CVE-2016-2427.json index 8ed34744f75..e9f5e0c7d53 100644 --- a/2016/2xxx/CVE-2016-2427.json +++ b/2016/2xxx/CVE-2016-2427.json 
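Review bot: The one substantive change in the CVE-2016-2331 hunk, `"ASSIGNER": "cert@cert.org",` replacing `cve@mitre.org`, is hidden inside a whole-file rewrite. As far as the collapsed text shows, the rest of that rewrite only tightens the spacing before colons and drops the final newline. The same applies to the ASSIGNER changes in CVE-2016-2427 (to `security@android.com`), CVE-2016-3693 (to `secalert@redhat.com`) and CVE-2016-6760 (`security@google.com` to `security@android.com`). ASSIGNER records which CNA is responsible for an entry, so a provenance change should be easy to audit. I would put the formatting normalisation in its own commit and give the data change a message that names the affected field, rather than "-Synchronized-Data.". The new side also ends with `\ No newline at end of file`; keeping the trailing newline would avoid another full-file diff the next time a tool restores it.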
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating \"This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. 
After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "MISC", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating \"This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. 
After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "MISC", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3693.json b/2016/3xxx/CVE-2016-3693.json index fa7a3060174..c4d42f90fff 100644 --- a/2016/3xxx/CVE-2016-3693.json +++ b/2016/3xxx/CVE-2016-3693.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160420 CVE-2016-3693: Foreman application information leakage through templates", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/20/8" - }, - { - "name" : "http://projects.theforeman.org/issues/14635", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/14635" - }, - { - "name" : "http://rubysec.com/advisories/CVE-2016-3693/", - "refsource" : "CONFIRM", - "url" : "http://rubysec.com/advisories/CVE-2016-3693/" - }, - { - "name" : "http://theforeman.org/security.html#2016-3693", - "refsource" : "CONFIRM", - "url" : "http://theforeman.org/security.html#2016-3693" - }, - { - "name" : 
"https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f", - "refsource" : "CONFIRM", - "url" : "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f" - }, - { - "name" : "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2", - "refsource" : "CONFIRM", - "url" : "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2" - }, - { - "name" : "RHSA-2018:0336", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2", + "refsource": "CONFIRM", + "url": "https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2" + }, + { + "name": "http://theforeman.org/security.html#2016-3693", + "refsource": "CONFIRM", + "url": "http://theforeman.org/security.html#2016-3693" + }, + { + "name": "RHSA-2018:0336", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0336" + }, + { + "name": "[oss-security] 20160420 CVE-2016-3693: Foreman application information leakage through templates", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/20/8" + }, + { + "name": "http://rubysec.com/advisories/CVE-2016-3693/", + "refsource": "CONFIRM", + "url": "http://rubysec.com/advisories/CVE-2016-3693/" + }, + { + "name": 
"https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f", + "refsource": "CONFIRM", + "url": "https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f" + }, + { + "name": "http://projects.theforeman.org/issues/14635", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/14635" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3973.json b/2016/3xxx/CVE-2016-3973.json index 29caf20d5e9..103a3b4a09d 100644 --- a/2016/3xxx/CVE-2016-3973.json +++ b/2016/3xxx/CVE-2016-3973.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing \"Add users\", and doing a search, aka SAP Security Note 2255990." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160621 [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jun/46" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-16-016-sap-netweaver-7-4-information-disclosure-wd_chat/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-16-016-sap-netweaver-7-4-information-disclosure-wd_chat/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/", - "refsource" : "MISC", - "url" : 
"https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/" - }, - { - "name" : "http://packetstormsecurity.com/files/137579/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137579/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing \"Add users\", and doing a search, aka SAP Security Note 2255990." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/137579/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137579/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html" + }, + { + "name": "https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/" + }, + { + "name": "https://erpscan.io/advisories/erpscan-16-016-sap-netweaver-7-4-information-disclosure-wd_chat/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-16-016-sap-netweaver-7-4-information-disclosure-wd_chat/" + }, + { + "name": "20160621 [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jun/46" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/6xxx/CVE-2016-6047.json b/2016/6xxx/CVE-2016-6047.json
index 34d21b1095b..a1bc1be4957 100644
--- a/2016/6xxx/CVE-2016-6047.json
+++ b/2016/6xxx/CVE-2016-6047.json
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21991154", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21991154" - }, - { - "name" : "94843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21991154", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21991154" + }, + { + "name": "94843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94843" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/6xxx/CVE-2016-6144.json b/2016/6xxx/CVE-2016-6144.json
index b9135db253d..f1cfada49f3 100644
--- a/2016/6xxx/CVE-2016-6144.json
+++ b/2016/6xxx/CVE-2016-6144.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as \"False,\" which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160819 Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Aug/91" - }, - { - "name" : "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components" - }, - { - "name" : "https://www.onapsis.com/research/security-advisories/sap-hana-system-user-brute-force-attack", - "refsource" : "MISC", - "url" : 
"https://www.onapsis.com/research/security-advisories/sap-hana-system-user-brute-force-attack" - }, - { - "name" : "http://packetstormsecurity.com/files/138443/SAP-HANA-DB-1.00.73.00.389160-SYSTEM-User-Brute-Force.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138443/SAP-HANA-DB-1.00.73.00.389160-SYSTEM-User-Brute-Force.html" - }, - { - "name" : "92065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as \"False,\" which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.onapsis.com/research/security-advisories/sap-hana-system-user-brute-force-attack", + "refsource": "MISC", + "url": "https://www.onapsis.com/research/security-advisories/sap-hana-system-user-brute-force-attack" + }, + { + "name": "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components", + "refsource": "MISC", + "url": "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components" + }, + { + "name": "92065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92065" + }, + { + "name": "20160819 Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Aug/91" + }, + { + "name": 
"http://packetstormsecurity.com/files/138443/SAP-HANA-DB-1.00.73.00.389160-SYSTEM-User-Brute-Force.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138443/SAP-HANA-DB-1.00.73.00.389160-SYSTEM-User-Brute-Force.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6237.json b/2016/6xxx/CVE-2016-6237.json index a130e293195..0e734a4a5d9 100644 --- a/2016/6xxx/CVE-2016-6237.json +++ b/2016/6xxx/CVE-2016-6237.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160717 Re: multiple memory corruption issues in lepton", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/17/6" - }, - { - "name" : "https://github.com/dropbox/lepton/issues/26", - "refsource" : "CONFIRM", - "url" : "https://github.com/dropbox/lepton/issues/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dropbox/lepton/issues/26", + "refsource": "CONFIRM", + "url": "https://github.com/dropbox/lepton/issues/26" + }, + { + "name": "[oss-security] 20160717 Re: multiple memory corruption issues in lepton", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/17/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6248.json b/2016/6xxx/CVE-2016-6248.json index 9734ac25067..5af6d8c1a9c 100644 --- a/2016/6xxx/CVE-2016-6248.json +++ b/2016/6xxx/CVE-2016-6248.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6248", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6248", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6479.json b/2016/6xxx/CVE-2016-6479.json index beaaa2bf9d7..e192b6308a1 100644 --- a/2016/6xxx/CVE-2016-6479.json +++ b/2016/6xxx/CVE-2016-6479.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-6479",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6479. Reason: This candidate is a duplicate of CVE-2015-6479. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-6479 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-6479",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6479. Reason: This candidate is a duplicate of CVE-2015-6479. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-6479 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/6xxx/CVE-2016-6760.json b/2016/6xxx/CVE-2016-6760.json
index 721545886ea..034eff85c7e 100644
--- a/2016/6xxx/CVE-2016-6760.json
+++ b/2016/6xxx/CVE-2016-6760.json
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94677" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7314.json b/2016/7xxx/CVE-2016-7314.json index df2676be7e1..9dc63f1dde8 100644 --- a/2016/7xxx/CVE-2016-7314.json +++ b/2016/7xxx/CVE-2016-7314.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-7314",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-7314",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7598.json b/2016/7xxx/CVE-2016-7598.json
index d159ccbb8a7..d8c382ef1ac 100644
--- a/2016/7xxx/CVE-2016-7598.json
+++ b/2016/7xxx/CVE-2016-7598.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-7598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-7598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - 
"url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94907" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "94907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94907" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7919.json b/2016/7xxx/CVE-2016-7919.json index 2c787dc2ae4..e555796a6b3 100644 --- a/2016/7xxx/CVE-2016-7919.json 
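Review bot: The `reference_data` array on the new side of CVE-2016-7598 is reordered with no visible sort key: the old side grouped entries by `refsource` (CONFIRM, GENTOO, BID, SECTRACK), while the new side interleaves them (`HT207427`, `94907`, `HT207421`, `1037459`, and so on). The same shuffle appears in the CVE-2016-7919 and CVE-2016-7950 hunks. The order presumably carries no meaning for these records, but anyone auditing the feed by diff now has to parse both sides and compare them as sets to confirm that no reference was added or dropped. I would have the sync emit references in a fixed order, for example sorted by `refsource` and then `name`, so that later commits show only real changes.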
+++ b/2016/7xxx/CVE-2016-7919.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a \"SQL Injection\" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that \"the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tracker.moodle.org/browse/MDL-56298", - "refsource" : "MISC", - "url" : "https://tracker.moodle.org/browse/MDL-56298" - }, - { - "name" : "https://www.youtube.com/watch?v=pQS1GdQ3CBc", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=pQS1GdQ3CBc" - }, - { - "name" : "93971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93971" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a \"SQL Injection\" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that \"the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=pQS1GdQ3CBc", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=pQS1GdQ3CBc" + }, + { + "name": "https://tracker.moodle.org/browse/MDL-56298", + "refsource": "MISC", + "url": "https://tracker.moodle.org/browse/MDL-56298" + }, + { + "name": "93971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93971" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7950.json b/2016/7xxx/CVE-2016-7950.json index 537266d1734..2ee62a7d4d1 100644 --- a/2016/7xxx/CVE-2016-7950.json +++ b/2016/7xxx/CVE-2016-7950.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-7950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/4" - }, - { - "name" : "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/2" - }, - { - "name" : "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" - }, - { - "name" : 
"https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714" - }, - { - "name" : "FEDORA-2016-8877cf648b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/" - }, - { - "name" : "FEDORA-2016-ade20198ff", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/" - }, - { - "name" : "GLSA-201704-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-03" - }, - { - "name" : "93369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93369" - }, - { - "name" : "1036945", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036945", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036945" + }, + { + "name": "GLSA-201704-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-03" + }, + { + "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714" + }, + { + "name": "FEDORA-2016-8877cf648b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/" + }, + { + "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4" + }, + { + "name": "FEDORA-2016-ade20198ff", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/" + }, + { + "name": "93369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93369" + }, + { + "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2" + } + ] + } +} \ No newline at end of file
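Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `security@suse.com` in the CVE-2016-7950 hunk, and among the visible lines it is the only value in this record that changes; the rest is separator whitespace and a reordering of `reference_data`. The commit subject says only "Synchronized-Data", so a change of record attribution cannot be told apart from formatting churn without comparing parsed JSON. Consumers that filter or attribute records by `ASSIGNER` will see this entry under a different assigner after the sync. I would name field changes like this in the commit description, or split formatting-only rewrites from content changes into separate commits. The file also now ends without a trailing newline (`\ No newline at end of file`), as do the other files visible here.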