diff --git a/2006/5xxx/CVE-2006-5212.json b/2006/5xxx/CVE-2006-5212.json index bce901b64ce..57ef1dd029a 100644 --- a/2006/5xxx/CVE-2006-5212.json +++ b/2006/5xxx/CVE-2006-5212.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trendmicro.com/download/product.asp?productid=5", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/download/product.asp?productid=5" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt" - }, - { - "name" : "20330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20330" - }, - { - "name" : "ADV-2006-3882", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3882" - }, - { - "name" : "22156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20330" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt" + }, + { + "name": "ADV-2006-3882", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3882" + }, + { + "name": "22156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22156" + }, + { + "name": "http://www.trendmicro.com/download/product.asp?productid=5", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/download/product.asp?productid=5" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5413.json b/2006/5xxx/CVE-2006-5413.json index 6632517ee6f..892c3f02206 100644 --- a/2006/5xxx/CVE-2006-5413.json +++ b/2006/5xxx/CVE-2006-5413.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2553", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2553" - }, - { - "name" : "20568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20568" - }, - { - "name" : "20570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20570" - }, - { - "name" : "ADV-2006-4042", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4042" - }, - { - "name" : "22437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22437" - }, - { - "name" : "yabbsm-sourcedir-file-include(29559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20568" + }, + { + "name": "22437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22437" + }, + { + "name": "20570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20570" + }, + { + "name": "yabbsm-sourcedir-file-include(29559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29559" + }, + { + "name": "ADV-2006-4042", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4042" + }, + { + "name": "2553", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2553" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5566.json b/2006/5xxx/CVE-2006-5566.json index 79f61afdfe3..48d7957d685 100644 --- a/2006/5xxx/CVE-2006-5566.json +++ b/2006/5xxx/CVE-2006-5566.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061023 Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449499/100/0/threaded" - }, - { - "name" : "20685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20685" - }, - { - "name" : "ADV-2006-4219", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4219" - }, - { - "name" : "22541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22541" - }, - { - "name" : "1791", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22541" + }, + { + "name": "20061023 Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449499/100/0/threaded" + }, + { + "name": "ADV-2006-4219", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4219" + }, + { + "name": "20685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20685" + }, + { + "name": "1791", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1791" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2008.json b/2007/2xxx/CVE-2007-2008.json index 3e9f1751434..f0e55fff655 100644 --- a/2007/2xxx/CVE-2007-2008.json +++ b/2007/2xxx/CVE-2007-2008.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070411 pL-PHP beta 0.9 - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465340/100/0/threaded" - }, - { - "name" : "3704", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3704" - }, - { - "name" : "ADV-2007-1352", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070411 pL-PHP beta 0.9 - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465340/100/0/threaded" + }, + { + "name": "3704", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3704" + }, + { + "name": "ADV-2007-1352", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1352" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2109.json b/2007/2xxx/CVE-2007-2109.json index effc9d36a70..27d7dde3e4a 100644 --- a/2007/2xxx/CVE-2007-2109.json +++ b/2007/2xxx/CVE-2007-2109.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka \"Oracle Streams\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" - }, - { - "name" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "TA07-108A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" - }, - { - "name" : "23532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23532" - }, - { - "name" : "ADV-2007-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1426" - }, - { - "name" : "1017927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka \"Oracle Streams\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-108A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" + }, + { + "name": "23532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23532" + }, + { + "name": "1017927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017927" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf" + }, + { + "name": "ADV-2007-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1426" + }, + { + "name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2238.json b/2007/2xxx/CVE-2007-2238.json index ec4b7365bdc..90440087a4f 100644 --- a/2007/2xxx/CVE-2007-2238.json +++ b/2007/2xxx/CVE-2007-2238.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-2238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#789121", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/789121" - }, - { - "name" : "34532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34532" - }, - { - "name" : "34725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34725" - }, - { - "name" : "ADV-2009-1061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1061" - }, - { - "name" : "iag-activex-bo(49888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#789121", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/789121" + }, + { + "name": "ADV-2009-1061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1061" + }, + { + "name": "34725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34725" + }, + { + "name": "34532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34532" + }, + { + "name": "iag-activex-bo(49888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2533.json b/2007/2xxx/CVE-2007-2533.json index 0ff315618e3..1188a4c6d73 100644 --- a/2007/2xxx/CVE-2007-2533.json +++ b/2007/2xxx/CVE-2007-2533.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trendmicro.com/download_beta/product.asp?productid=17", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/download_beta/product.asp?productid=17" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt" - }, - { - "name" : "35791", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35791" - }, - { - "name" : "35792", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35792" - }, - { - "name" : "ADV-2007-1689", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1689" - }, - { - "name" : "serverprotect-multiple-bo(34171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1689", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1689" + }, + { + "name": "35792", + "refsource": "OSVDB", + "url": "http://osvdb.org/35792" + }, + { + "name": "35791", + "refsource": "OSVDB", + "url": "http://osvdb.org/35791" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt" + }, + { + "name": "http://www.trendmicro.com/download_beta/product.asp?productid=17", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/download_beta/product.asp?productid=17" + }, + { + "name": "serverprotect-multiple-bo(34171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34171" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2560.json b/2007/2xxx/CVE-2007-2560.json index 3dc394641e8..32f93b7cc41 100644 --- a/2007/2xxx/CVE-2007-2560.json +++ b/2007/2xxx/CVE-2007-2560.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3867", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3867" - }, - { - "name" : "20070509 true: ACGV Annu (rubrik) LFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-May/001605.html" - }, - { - "name" : "23842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23842" - }, - { - "name" : "36181", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36181" - }, - { - "name" : "acgv-annu-acgv-file-include(34108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3867", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3867" + }, + { + "name": "20070509 true: ACGV Annu (rubrik) LFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-May/001605.html" + }, + { + "name": "36181", + "refsource": "OSVDB", + "url": "http://osvdb.org/36181" + }, + { + "name": "acgv-annu-acgv-file-include(34108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34108" + }, + { + "name": "23842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23842" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3146.json b/2007/3xxx/CVE-2007-3146.json index 0f87e043005..2ab3eabaa49 100644 --- a/2007/3xxx/CVE-2007-3146.json +++ b/2007/3xxx/CVE-2007-3146.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070607 Zen Help Desk ==> Version 2.1 Bypass/", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470803/100/0/threaded" - }, - { - "name" : "39231", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39231" - }, - { - "name" : "2788", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2788" - }, - { - "name" : "zen-zenhelpdesk-information-disclosure(34770)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39231", + "refsource": "OSVDB", + "url": "http://osvdb.org/39231" + }, + { + "name": "20070607 Zen Help Desk ==> Version 2.1 Bypass/", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470803/100/0/threaded" + }, + { + "name": "zen-zenhelpdesk-information-disclosure(34770)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34770" + }, + { + "name": "2788", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2788" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3751.json b/2007/3xxx/CVE-2007-3751.json index d19db9cc263..77169f5ec96 100644 --- a/2007/3xxx/CVE-2007-3751.json +++ b/2007/3xxx/CVE-2007-3751.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306896", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306896" - }, - { - "name" : "APPLE-SA-2007-11-05", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html" - }, - { - "name" : "TA07-310A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-310A.html" - }, - { - "name" : "VU#319771", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/319771" - }, - { - "name" : "26339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26339" - }, - { - "name" : "ADV-2007-3723", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3723" - }, - { - "name" : "38548", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38548" - }, - { - "name" : "1018894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018894" - }, - { - "name" : "27523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27523" - }, - { - "name" : "apple-quicktime-javaapplet-code-execution(38271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-310A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306896", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306896" + }, + { + "name": "APPLE-SA-2007-11-05", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html" + }, + { + "name": "27523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27523" + }, + { + "name": "apple-quicktime-javaapplet-code-execution(38271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38271" + }, + { + "name": "1018894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018894" + }, + { + "name": "26339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26339" + }, + { + "name": "VU#319771", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/319771" + }, + { + "name": "38548", + "refsource": "OSVDB", + "url": "http://osvdb.org/38548" + }, + { + "name": "ADV-2007-3723", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3723" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6534.json b/2007/6xxx/CVE-2007-6534.json index 9321771ff97..bcc5f8f4454 100644 --- a/2007/6xxx/CVE-2007-6534.json +++ b/2007/6xxx/CVE-2007-6534.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071222 Microsoft Office Publisher", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485456/100/0/threaded" - }, - { - "name" : "26982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26982" - }, - { - "name" : "3490", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26982" + }, + { + "name": "3490", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3490" + }, + { + "name": "20071222 Microsoft Office Publisher", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485456/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6642.json b/2007/6xxx/CVE-2007-6642.json index 46eb4941de5..b0841553c27 100644 --- a/2007/6xxx/CVE-2007-6642.json +++ b/2007/6xxx/CVE-2007-6642.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071227 [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485676/100/0/threaded" - }, - { - "name" : "http://www.joomla.org/content/view/4335/116/", - "refsource" : "MISC", - "url" : "http://www.joomla.org/content/view/4335/116/" - }, - { - "name" : "MDVSA-2008:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:060" - }, - { - "name" : "28111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28111" - }, - { - "name" : "41263", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41263" - }, - { - "name" : "1019145", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019145" - }, - { - "name" : "29257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29257" - }, - { - "name" : "3505", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28111" + }, + { + "name": "29257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29257" + }, + { + "name": "1019145", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019145" + }, + { + "name": "http://www.joomla.org/content/view/4335/116/", + "refsource": "MISC", + "url": "http://www.joomla.org/content/view/4335/116/" + }, + { + "name": "20071227 [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485676/100/0/threaded" + }, + { + "name": "MDVSA-2008:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:060" + }, + { + "name": "3505", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3505" + }, + { + "name": "41263", + "refsource": "OSVDB", + "url": "http://osvdb.org/41263" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0721.json b/2010/0xxx/CVE-2010-0721.json index 5bac59fdf7a..45fe4fc3075 100644 --- a/2010/0xxx/CVE-2010-0721.json +++ b/2010/0xxx/CVE-2010-0721.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt" - }, - { - "name" : "11488", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11488" - }, - { - "name" : "auktionshausgelb-news-sql-injection(56332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11488", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11488" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt" + }, + { + "name": "auktionshausgelb-news-sql-injection(56332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56332" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0874.json b/2010/0xxx/CVE-2010-0874.json index d06d2bbe570..27e093058c0 100644 --- a/2010/0xxx/CVE-2010-0874.json +++ b/2010/0xxx/CVE-2010-0874.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "1023872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "1023872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023872" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1269.json b/2010/1xxx/CVE-2010-1269.json index 245311da763..b1f2564a731 100644 --- a/2010/1xxx/CVE-2010-1269.json +++ b/2010/1xxx/CVE-2010-1269.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/", - "refsource" : "MISC", - "url" : "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt" - }, - { - "name" : "11805", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11805" - }, - { - "name" : "38971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38971" - }, - { - "name" : "niedrig-auktion-sql-injection(57020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "niedrig-auktion-sql-injection(57020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57020" + }, + { + "name": "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/", + "refsource": "MISC", + "url": "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/" + }, + { + "name": "11805", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11805" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt" + }, + { + "name": "38971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38971" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1307.json b/2010/1xxx/CVE-2010-1307.json index e10cccb2803..7ca9077b245 100644 --- a/2010/1xxx/CVE-2010-1307.json +++ b/2010/1xxx/CVE-2010-1307.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt" - }, - { - "name" : "12070", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12070" - }, - { - "name" : "39207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39207" - }, - { - "name" : "39348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39348" - }, - { - "name" : "ADV-2010-0806", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0806" - }, - { - "name" : "magicupdater-controller-file-include(57531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39348" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt" + }, + { + "name": "39207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39207" + }, + { + "name": "magicupdater-controller-file-include(57531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57531" + }, + { + "name": "ADV-2010-0806", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0806" + }, + { + "name": "12070", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12070" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1701.json b/2010/1xxx/CVE-2010-1701.json index be922189705..0ddb41ae0f0 100644 --- a/2010/1xxx/CVE-2010-1701.json +++ b/2010/1xxx/CVE-2010-1701.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12444", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12444" - }, - { - "name" : "39647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39647" - }, - { - "name" : "ADV-2010-1027", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1027", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1027" + }, + { + "name": "12444", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12444" + }, + { + "name": "39647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39647" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1898.json b/2010/1xxx/CVE-2010-1898.json index 15d56907332..33c2e67aa11 100644 --- a/2010/1xxx/CVE-2010-1898.json +++ b/2010/1xxx/CVE-2010-1898.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12033", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060" + }, + { + "name": "oval:org.mitre.oval:def:12033", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1927.json b/2010/1xxx/CVE-2010-1927.json index 11d7ea189d1..0f4629b6ca0 100644 --- a/2010/1xxx/CVE-2010-1927.json +++ b/2010/1xxx/CVE-2010-1927.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12398", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12398" - }, - { - "name" : "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt" - }, - { - "name" : "64202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64202" - }, - { - "name" : "64203", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64203" - }, - { - "name" : "64204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64204" - }, - { - "name" : "64205", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64205" - }, - { - "name" : "64206", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64206" - }, - { - "name" : "64207", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64207" - }, - { - "name" : "64208", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64208" - }, - { - "name" : "64209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64209" - }, - { - "name" : "64210", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64210" - }, - { - "name" : "39624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39624" - }, - { - "name" : "ADV-2010-1003", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt" + }, + { + "name": "64207", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64207" + }, + { + "name": "12398", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12398" + }, + { + "name": "ADV-2010-1003", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1003" + }, + { + "name": "64206", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64206" + }, + { + "name": "64204", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64204" + }, + { + "name": "64205", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64205" + }, + { + "name": "64208", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64208" + }, + { + "name": "64202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64202" + }, + { + "name": "64210", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64210" + }, + { + "name": "64203", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64203" + }, + { + "name": "39624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39624" + }, + { + "name": "64209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64209" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0172.json b/2014/0xxx/CVE-2014-0172.json index 3ad794a0c23..f15ace81252 100644 --- a/2014/0xxx/CVE-2014-0172.json +++ b/2014/0xxx/CVE-2014-0172.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.", - "refsource" : "MLIST", - "url" : "https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html" - }, - { - "name" : "[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/54" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085663", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085663" - }, - { - "name" : "GLSA-201612-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-32" - }, - { - "name" : "USN-2188-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2188-1" - }, - { - "name" : "66714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/54" + }, + { + "name": "[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.", + "refsource": "MLIST", + "url": "https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html" + }, + { + "name": "GLSA-201612-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-32" + }, + { + "name": "66714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66714" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1085663", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085663" + }, + { + "name": "USN-2188-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2188-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0181.json b/2014/0xxx/CVE-2014-0181.json index a880aa62f8b..4f007a49bd7 100644 --- a/2014/0xxx/CVE-2014-0181.json +++ b/2014/0xxx/CVE-2014-0181.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=139828832919748&w=2" - }, - { - "name" : "[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/23/6" - }, - { - "name" : "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9" - }, - { - "name" : "RHSA-2014:1959", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1959.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:0652", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "SUSE-SU-2015:0736", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45" + }, + { + "name": "SUSE-SU-2015:0736", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" + }, + { + "name": "SUSE-SU-2015:0652", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/23/6" + }, + { + "name": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "RHSA-2014:1959", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1959.html" + }, + { + "name": "[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=139828832919748&w=2" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0313.json b/2014/0xxx/CVE-2014-0313.json index faad1b9b5c9..dcc9a1a0ead 100644 --- a/2014/0xxx/CVE-2014-0313.json +++ b/2014/0xxx/CVE-2014-0313.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0321." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0321." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0331.json b/2014/0xxx/CVE-2014-0331.json index 3099229ec82..dff5188f7d2 100644 --- a/2014/0xxx/CVE-2014-0331.json +++ b/2014/0xxx/CVE-2014-0331.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/53" - }, - { - "name" : "http://www.fortiguard.com/advisory/FG-IR-14-004", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/FG-IR-14-004" - }, - { - "name" : "VU#667340", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/667340" - }, - { - "name" : "66642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66642" - }, - { - "name" : "1030018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#667340", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/667340" + }, + { + "name": "1030018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030018" + }, + { + "name": "66642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66642" + }, + { + "name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/53" + }, + { + "name": "http://www.fortiguard.com/advisory/FG-IR-14-004", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/FG-IR-14-004" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0335.json b/2014/0xxx/CVE-2014-0335.json index 81d51e83491..c6ffe6e4d26 100644 --- a/2014/0xxx/CVE-2014-0335.json +++ b/2014/0xxx/CVE-2014-0335.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#823452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/823452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#823452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/823452" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0926.json b/2014/0xxx/CVE-2014-0926.json index a3a66b9b8b8..a65faf33f6f 100644 --- a/2014/0xxx/CVE-2014-0926.json +++ b/2014/0xxx/CVE-2014-0926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1424.json b/2014/1xxx/CVE-2014-1424.json index b5a0715b23d..8f1449f36cc 100644 --- a/2014/1xxx/CVE-2014-1424.json +++ b/2014/1xxx/CVE-2014-1424.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a \"miscompilation flaw.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2014-1424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-2413-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2413-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a \"miscompilation flaw.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2413-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2413-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1574.json b/2014/1xxx/CVE-2014-1574.json index fb3bb070682..350b4e26d05 100644 --- a/2014/1xxx/CVE-2014-1574.json +++ b/2014/1xxx/CVE-2014-1574.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174" - }, - { - "name" : "https://advisories.mageia.org/MGASA-2014-0421.html", - "refsource" : "CONFIRM", - "url" : "https://advisories.mageia.org/MGASA-2014-0421.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3050", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3050" - }, - { - "name" : "DSA-3061", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3061" - }, - { - "name" : "FEDORA-2014-13042", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html" - }, - { - "name" : "FEDORA-2014-14084", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:1635", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1635.html" - }, - { - "name" : "RHSA-2014:1647", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1647.html" - }, - { - "name" : "openSUSE-SU-2014:1343", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html" - }, - { - "name" : "openSUSE-SU-2014:1346", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html" - }, - { - "name" : "openSUSE-SU-2014:1344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html" - }, - { - "name" : "openSUSE-SU-2014:1345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "USN-2372-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2372-1" - }, - { - "name" : "USN-2373-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2373-1" - }, - { - "name" : "70436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70436" - }, - { - "name" : "1031028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031028" - }, - { - "name" : "1031030", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031030" - }, - { - "name" : "61387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61387" - }, - { - "name" : "61854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61854" - }, - { - "name" : "62021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62021" - }, - { - "name" : "62022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62022" - }, - { - "name" : "62023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html" + }, + { + "name": "62021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62021" + }, + { + "name": "openSUSE-SU-2015:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" + }, + { + "name": "openSUSE-SU-2014:1344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html" + }, + { + "name": "openSUSE-SU-2014:1346", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html" + }, + { + "name": "FEDORA-2014-13042", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346" + }, + { + "name": "1031028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031028" + }, + { + "name": "openSUSE-SU-2014:1345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html" + }, + { + "name": "USN-2373-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2373-1" + }, + { + "name": "https://advisories.mageia.org/MGASA-2014-0421.html", + "refsource": "CONFIRM", + "url": "https://advisories.mageia.org/MGASA-2014-0421.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214" + }, + { + "name": "RHSA-2014:1635", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html" + }, + { + "name": "FEDORA-2014-14084", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html" + }, + { + "name": "RHSA-2014:1647", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354" + }, + { + "name": "61387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61387" + }, + { + "name": "USN-2372-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2372-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174" + }, + { + "name": "62022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62022" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "1031030", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031030" + }, + { + "name": "62023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62023" + }, + { + "name": "openSUSE-SU-2014:1343", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044" + }, + { + "name": "DSA-3050", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3050" + }, + { + "name": "61854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61854" + }, + { + "name": "70436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70436" + }, + { + "name": "DSA-3061", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3061" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1871.json b/2014/1xxx/CVE-2014-1871.json index 51b050e2165..b4e769352ca 100644 --- a/2014/1xxx/CVE-2014-1871.json +++ b/2014/1xxx/CVE-2014-1871.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1871", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1871", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4777.json b/2014/4xxx/CVE-2014-4777.json index fc44eb46521..aa8b88ee0a6 100644 --- a/2014/4xxx/CVE-2014-4777.json +++ b/2014/4xxx/CVE-2014-4777.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4777", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4777", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4869.json b/2014/4xxx/CVE-2014-4869.json index 580697ee129..b03674c6b14 100644 --- a/2014/4xxx/CVE-2014-4869.json +++ b/2014/4xxx/CVE-2014-4869.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#111588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/111588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#111588", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/111588" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5881.json b/2014/5xxx/CVE-2014-5881.json index 592203bd0f4..c18eb3470b4 100644 --- a/2014/5xxx/CVE-2014-5881.json +++ b/2014/5xxx/CVE-2014-5881.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#228385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/228385" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "JVN#48270605", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48270605/index.html" - }, - { - "name" : "JVNDB-2014-000116", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#228385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/228385" + }, + { + "name": "JVN#48270605", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48270605/index.html" + }, + { + "name": "JVNDB-2014-000116", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10143.json b/2016/10xxx/CVE-2016-10143.json index f387e8b2dee..c0300a6ceb6 100644 --- a/2016/10xxx/CVE-2016-10143.json +++ b/2016/10xxx/CVE-2016-10143.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dev.tiki.org/item6174", - "refsource" : "CONFIRM", - "url" : "https://dev.tiki.org/item6174" - }, - { - "name" : "https://sourceforge.net/p/tikiwiki/code/60308/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/tikiwiki/code/60308/" - }, - { - "name" : "96787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96787" + }, + { + "name": "https://dev.tiki.org/item6174", + "refsource": "CONFIRM", + "url": "https://dev.tiki.org/item6174" + }, + { + "name": "https://sourceforge.net/p/tikiwiki/code/60308/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/tikiwiki/code/60308/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10669.json b/2016/10xxx/CVE-2016-10669.json index 396ed71f27d..063dfa2c687 100644 --- a/2016/10xxx/CVE-2016-10669.json +++ b/2016/10xxx/CVE-2016-10669.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "soci node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "soci node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/270", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/270", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/270" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3145.json b/2016/3xxx/CVE-2016-3145.json index e773f26ef3f..0259f94f1f5 100644 --- a/2016/3xxx/CVE-2016-3145.json +++ b/2016/3xxx/CVE-2016-3145.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.lexmark.com/index?page=content&id=TE760", - "refsource" : "CONFIRM", - "url" : "http://support.lexmark.com/index?page=content&id=TE760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.lexmark.com/index?page=content&id=TE760", + "refsource": "CONFIRM", + "url": "http://support.lexmark.com/index?page=content&id=TE760" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3740.json b/2016/3xxx/CVE-2016-3740.json index 7dfd1706528..e1aaee7531e 100644 --- a/2016/3xxx/CVE-2016-3740.json +++ b/2016/3xxx/CVE-2016-3740.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html", - "refsource" : "MISC", - "url" : "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html", + "refsource": "MISC", + "url": "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3882.json b/2016/3xxx/CVE-2016-3882.json index 81bb852cfa6..20dc96dd587 100644 --- a/2016/3xxx/CVE-2016-3882.json +++ b/2016/3xxx/CVE-2016-3882.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630" - }, - { - "name" : "93295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93295" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8628.json b/2016/8xxx/CVE-2016-8628.json index e23b8020ab5..a3749554063 100644 --- a/2016/8xxx/CVE-2016-8628.json +++ b/2016/8xxx/CVE-2016-8628.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ansible", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ansible", + "version": { + "version_data": [ + { + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628" - }, - { - "name" : "RHSA-2016:2778", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:2778" - }, - { - "name" : "94109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + ], + [ + { + "vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2778", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:2778" + }, + { + "name": "94109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94109" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8756.json b/2016/8xxx/CVE-2016-8756.json index 3ec6dab4212..81f9dc58e2c 100644 --- a/2016/8xxx/CVE-2016-8756.json +++ b/2016/8xxx/CVE-2016-8756.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en" - }, - { - "name" : "93935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93935" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8883.json b/2016/8xxx/CVE-2016-8883.json index 80f706ec9a8..c7b8c3afa0a 100644 --- a/2016/8xxx/CVE-2016-8883.json +++ b/2016/8xxx/CVE-2016-8883.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161017 Re: Re: Fuzzing jasper", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/17/1" - }, - { - "name" : "[oss-security] 20161022 Re: Fuzzing jasper", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/23/8" - }, - { - "name" : "https://github.com/mdadams/jasper/issues/32", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/issues/32" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "USN-3693-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3693-1/" - }, - { - "name" : "95865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95865" + }, + { + "name": "https://github.com/mdadams/jasper/issues/32", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/issues/32" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "[oss-security] 20161017 Re: Re: Fuzzing jasper", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/17/1" + }, + { + "name": "[oss-security] 20161022 Re: Fuzzing jasper", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/23/8" + }, + { + "name": "USN-3693-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3693-1/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9079.json b/2016/9xxx/CVE-2016-9079.json index d66b5df6a24..6675c0c235f 100644 --- a/2016/9xxx/CVE-2016-9079.json +++ b/2016/9xxx/CVE-2016-9079.json @@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50.0.2" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.5.1" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in SVG Animation" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50.0.2" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.5.1" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.5.1" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41151", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41151/" - }, - { - "name" : "42327", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42327/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-92/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-92/" - }, - { - "name" : "DSA-3730", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2016/dsa-3730" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "GLSA-201701-35", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-35" - }, - { - "name" : "RHSA-2016:2843", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2843.html" - }, - { - "name" : "RHSA-2016:2850", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2850.html" - }, - { - "name" : "94591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94591" - }, - { - "name" : "1037370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in SVG Animation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3730", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2016/dsa-3730" + }, + { + "name": "RHSA-2016:2843", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html" + }, + { + "name": "GLSA-201701-35", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-35" + }, + { + "name": "1037370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037370" + }, + { + "name": "42327", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42327/" + }, + { + "name": "RHSA-2016:2850", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-92/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/" + }, + { + "name": "94591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94591" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "41151", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41151/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9259.json b/2016/9xxx/CVE-2016-9259.json index 6df32ab540d..36305408c53 100644 --- a/2016/9xxx/CVE-2016-9259.json +++ b/2016/9xxx/CVE-2016-9259.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/tns-2016-17", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-17" - }, - { - "name" : "1037293", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-17", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-17" + }, + { + "name": "1037293", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037293" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9950.json b/2016/9xxx/CVE-2016-9950.json index 8aba67dcdc7..558887f068e 100644 --- a/2016/9xxx/CVE-2016-9950.json +++ b/2016/9xxx/CVE-2016-9950.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40937", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40937/" - }, - { - "name" : "https://bugs.launchpad.net/apport/+bug/1648806", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/apport/+bug/1648806" - }, - { - "name" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/", - "refsource" : "MISC", - "url" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/" - }, - { - "name" : "https://github.com/DonnchaC/ubuntu-apport-exploitation", - "refsource" : "MISC", - "url" : "https://github.com/DonnchaC/ubuntu-apport-exploitation" - }, - { - "name" : "USN-3157-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3157-1" - }, - { - "name" : "95011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/DonnchaC/ubuntu-apport-exploitation", + "refsource": "MISC", + "url": "https://github.com/DonnchaC/ubuntu-apport-exploitation" + }, + { + "name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/", + "refsource": "MISC", + "url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/" + }, + { + "name": "https://bugs.launchpad.net/apport/+bug/1648806", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/apport/+bug/1648806" + }, + { + "name": "95011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95011" + }, + { + "name": "USN-3157-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3157-1" + }, + { + "name": "40937", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40937/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2060.json b/2019/2xxx/CVE-2019-2060.json index f721c425932..66cd53c5d0c 100644 --- a/2019/2xxx/CVE-2019-2060.json +++ b/2019/2xxx/CVE-2019-2060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2060", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2060", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2226.json b/2019/2xxx/CVE-2019-2226.json index 33e126a7970..ffd12e4e325 100644 --- a/2019/2xxx/CVE-2019-2226.json +++ b/2019/2xxx/CVE-2019-2226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2585.json b/2019/2xxx/CVE-2019-2585.json index 6d07f9f32f9..b291b87a01f 100644 --- a/2019/2xxx/CVE-2019-2585.json +++ b/2019/2xxx/CVE-2019-2585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2711.json b/2019/2xxx/CVE-2019-2711.json index c6f8606b31e..48d273f44f3 100644 --- a/2019/2xxx/CVE-2019-2711.json +++ b/2019/2xxx/CVE-2019-2711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2832.json b/2019/2xxx/CVE-2019-2832.json index 0020e506971..a6f8c6d80da 100644 --- a/2019/2xxx/CVE-2019-2832.json +++ b/2019/2xxx/CVE-2019-2832.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2832", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2832", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6383.json b/2019/6xxx/CVE-2019-6383.json index 19be29a6d00..76dea4eb2d2 100644 --- a/2019/6xxx/CVE-2019-6383.json +++ b/2019/6xxx/CVE-2019-6383.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6383", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6383", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6402.json b/2019/6xxx/CVE-2019-6402.json index f90fe3dfd0f..902eb219d95 100644 --- a/2019/6xxx/CVE-2019-6402.json +++ b/2019/6xxx/CVE-2019-6402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6402", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6402", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6517.json b/2019/6xxx/CVE-2019-6517.json index fa708539eee..2113e9a4aa6 100644 --- a/2019/6xxx/CVE-2019-6517.json +++ b/2019/6xxx/CVE-2019-6517.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-01-29T00:00:00", - "ID" : "CVE-2019-6517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BD FACSLyric", - "version" : { - "version_data" : [ - { - "version_value" : "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER ACCESS CONTROL CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-01-29T00:00:00", + "ID": "CVE-2019-6517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BD FACSLyric", + "version": { + "version_data": [ + { + "version_value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release." + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02" - }, - { - "name" : "106766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER ACCESS CONTROL CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106766" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6764.json b/2019/6xxx/CVE-2019-6764.json index 61c6e91c9de..0aebab1e659 100644 --- a/2019/6xxx/CVE-2019-6764.json +++ b/2019/6xxx/CVE-2019-6764.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6764", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6764", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file