diff --git a/2006/1xxx/CVE-2006-1702.json b/2006/1xxx/CVE-2006-1702.json
index dcf63399523..d4733ca77f5 100644
--- a/2006/1xxx/CVE-2006-1702.json
+++ b/2006/1xxx/CVE-2006-1702.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060409 Vulnerabilities in SPIP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430443/100/0/threaded" - }, - { - "name" : "17423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17423" - }, - { - "name" : "spip-spiplogin-file-include(25711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17423" + }, + { + "name": "20060409 Vulnerabilities in SPIP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430443/100/0/threaded" + }, + { + "name": "spip-spiplogin-file-include(25711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25711" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1884.json b/2006/1xxx/CVE-2006-1884.json index 4c4c5138bcd..96243b4864c 100644 --- a/2006/1xxx/CVE-2006-1884.json +++ b/2006/1xxx/CVE-2006-1884.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" - }, - { - "name" : "HPSBMA02113", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "SSRT061148", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded" - }, - { - "name" : "17590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17590" - }, - { - "name" : "ADV-2006-1397", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1397" - }, - { - "name" : "ADV-2006-1571", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2006/1571" - }, - { - "name" : "1015961", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015961" - }, - { - "name" : "19712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19712" - }, - { - "name" : "19859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19859" - }, - { - "name" : "oracle-ebusiness-multiple-unspecifed(26058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19712" + }, + { + "name": "oracle-ebusiness-multiple-unspecifed(26058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26058" + }, + { + "name": "19859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19859" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html" + }, + { + "name": "ADV-2006-1571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1571" + }, + { + "name": "17590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17590" + }, + { + "name": "SSRT061148", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + 
"name": "ADV-2006-1397", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1397" + }, + { + "name": "HPSBMA02113", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded" + }, + { + "name": "1015961", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015961" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5125.json b/2006/5xxx/CVE-2006-5125.json index 26c390a56cd..0cb3dc2f349 100644 --- a/2006/5xxx/CVE-2006-5125.json +++ b/2006/5xxx/CVE-2006-5125.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html", - "refsource" : "MISC", - "url" : "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html" - }, - { - "name" : "2451", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2451" - }, - { - "name" : "20264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20264" - }, - { - "name" : "ADV-2006-3846", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3846" - }, - { - "name" : "22178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22178" - }, - { - 
"name" : "phpmywebmin-window-info-disclosure(29259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3846", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3846" + }, + { + "name": "20264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20264" + }, + { + "name": "2451", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2451" + }, + { + "name": "22178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22178" + }, + { + "name": "phpmywebmin-window-info-disclosure(29259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29259" + }, + { + "name": "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html", + "refsource": "MISC", + "url": "http://kernel-32.blogspot.com/2006/09/php-mywebmin-10-remote-file-include.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5423.json b/2006/5xxx/CVE-2006-5423.json index 5bcdab322b9..f54d2950c17 100644 --- a/2006/5xxx/CVE-2006-5423.json +++ b/2006/5xxx/CVE-2006-5423.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20609" - }, - { - "name" : "ADV-2006-4087", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4087" - }, - { - "name" : "22461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers 
to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22461" + }, + { + "name": "20609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20609" + }, + { + "name": "ADV-2006-4087", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4087" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5542.json b/2006/5xxx/CVE-2006-5542.json index 357fabee1c2..faeb4c4b34c 100644 --- a/2006/5xxx/CVE-2006-5542.json +++ b/2006/5xxx/CVE-2006-5542.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.commandprompt.com/public/pgsql/changeset/25953", - "refsource" : "CONFIRM", - "url" : "http://projects.commandprompt.com/public/pgsql/changeset/25953" - }, - { - "name" : "http://www.postgresql.org/about/news.664", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news.664" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm" - }, - { - "name" : "MDKSA-2006:194", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:194" - }, - { - "name" : "RHSA-2007:0067", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0067.html" - }, - { - "name" : "RHSA-2007:0068", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0068.html" - }, - { - "name" : "SUSE-SR:2006:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_27_sr.html" - }, - { - "name" : "2006-0059", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0059/" - }, - { - "name" : "USN-369-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-369-1" - }, - { - "name" : "USN-369-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-369-2" - }, - { - "name" : "20717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20717" - }, - { - "name" : "oval:org.mitre.oval:def:10122", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10122" - }, - { - "name" : "ADV-2006-4182", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4182" - }, - { - "name" : "1017115", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017115" - }, - { - "name" : "22562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22562" - }, - { - "name" : "22584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22584" - }, - { - "name" : "22636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22636" - }, - { - "name" : "22606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22606" - }, - { - "name" : "23048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23048" - }, - { - "name" : 
"23132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23132" - }, - { - "name" : "24577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:194", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:194" + }, + { + "name": "USN-369-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-369-2" + }, + { + "name": "1017115", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017115" + }, + { + "name": "RHSA-2007:0068", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0068.html" + }, + { + "name": "ADV-2006-4182", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4182" + }, + { + "name": "22606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22606" + }, + { + "name": "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html" + }, + { + "name": "http://www.postgresql.org/about/news.664", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news.664" + }, + { + "name": "oval:org.mitre.oval:def:10122", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10122" + }, + { + "name": "23048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23048" + }, + { + "name": "24577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24577" + }, + { + "name": "SUSE-SR:2006:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_27_sr.html" + }, + { + "name": "http://projects.commandprompt.com/public/pgsql/changeset/25953", + "refsource": "CONFIRM", + "url": "http://projects.commandprompt.com/public/pgsql/changeset/25953" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm" + }, + { + "name": "23132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23132" + }, + { + "name": "USN-369-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-369-1" + }, + { + "name": "22636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22636" + }, + { + "name": "RHSA-2007:0067", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0067.html" + }, + { + "name": "2006-0059", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0059/" + }, + { + "name": "22562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22562" + }, + { + "name": "22584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22584" + }, + { + "name": "20717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20717" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5640.json b/2006/5xxx/CVE-2006-5640.json index 987071cf9ca..ab3ac0f24fc 100644 --- a/2006/5xxx/CVE-2006-5640.json +++ b/2006/5xxx/CVE-2006-5640.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2684", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2684" - }, - { - "name" : "20802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20802" - }, - { - "name" : "ADV-2006-4277", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4277" - }, - { - "name" : "22600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22600" - }, - { - "name" : "technodreamsgb-guestbook-sql-injection(29869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22600" + }, + { + "name": "20802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20802" + }, + { + "name": "ADV-2006-4277", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4277" + }, + { + "name": "technodreamsgb-guestbook-sql-injection(29869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29869" + }, + { + "name": "2684", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2684" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5805.json b/2006/5xxx/CVE-2006-5805.json index 2e22ff17d6e..7e829299633 100644 --- a/2006/5xxx/CVE-2006-5805.json +++ b/2006/5xxx/CVE-2006-5805.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061103 IE7 website security certificate discrediting exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450722/100/0/threaded" - }, - { - "name" : "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html", - "refsource" : "MISC", - "url" : "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" - }, - { - "name" : "1017165", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017165", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017165" + }, + { + "name": "20061103 IE7 website security certificate discrediting exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450722/100/0/threaded" + }, + { + "name": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html", + "refsource": "MISC", + "url": "http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5838.json b/2006/5xxx/CVE-2006-5838.json index eb92a677d9a..5aa28000abb 100644 --- a/2006/5xxx/CVE-2006-5838.json +++ b/2006/5xxx/CVE-2006-5838.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061107 News publication system remote File include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450823/100/0/threaded" - }, - { - "name" : "20893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20893" - }, - { - "name" : "1835", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1835" - }, - { - "name" : "newp-database-file-include(30086)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file 
inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "newp-database-file-include(30086)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30086" + }, + { + "name": "1835", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1835" + }, + { + "name": "20061107 News publication system remote File include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450823/100/0/threaded" + }, + { + "name": "20893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20893" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2009.json b/2007/2xxx/CVE-2007-2009.json index c20aa07c8ca..2b894ba09a0 100644 --- a/2007/2xxx/CVE-2007-2009.json +++ b/2007/2xxx/CVE-2007-2009.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070411 New bug :)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465343/100/100/threaded" - }, - { - "name" : "3705", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3705" - }, - { - "name" : "20070412 true: SimpCMS Light RFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-April/001513.html" - }, - { - "name" : "23439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23439" - }, - { - "name" : "ADV-2007-1348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1348" - }, - { - "name" : "24851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24851" - }, - { - "name" : 
"simpcms-index-file-include(33572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1348" + }, + { + "name": "simpcms-index-file-include(33572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33572" + }, + { + "name": "3705", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3705" + }, + { + "name": "20070412 true: SimpCMS Light RFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-April/001513.html" + }, + { + "name": "20070411 New bug :)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465343/100/100/threaded" + }, + { + "name": "24851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24851" + }, + { + "name": "23439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23439" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2373.json b/2007/2xxx/CVE-2007-2373.json index 49104cf4884..b4ff5300ccf 100644 --- a/2007/2xxx/CVE-2007-2373.json +++ b/2007/2xxx/CVE-2007-2373.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080218 XOOPS Module wflinks SQL Injection(cid)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488316/100/0/threaded" - }, - { - "name" : "20080220 Re: XOOPS Module wflinks SQL Injection(cid)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488375/100/0/threaded" - }, - { - "name" : "3670", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3670" - }, - { - "name" : "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt" - }, - { - "name" : "23340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23340" - }, - { - 
"name" : "ADV-2007-1275", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3670", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3670" + }, + { + "name": "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt" + }, + { + "name": "23340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23340" + }, + { + "name": "20080220 Re: XOOPS Module wflinks SQL Injection(cid)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488375/100/0/threaded" + }, + { + "name": "20080218 XOOPS Module wflinks SQL Injection(cid)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488316/100/0/threaded" + }, + { + "name": "ADV-2007-1275", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1275" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2392.json b/2007/2xxx/CVE-2007-2392.json index 36534e590d0..0ac0b8f4355 100644 --- a/2007/2xxx/CVE-2007-2392.json +++ b/2007/2xxx/CVE-2007-2392.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=305947", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305947" - }, - { - "name" : "APPLE-SA-2007-07-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" - }, - { - "name" : "TA07-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" - }, - { - "name" : "VU#582681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582681" - }, - { - "name" : "24873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24873" - }, - { - "name" : "ADV-2007-2510", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2007/2510" - }, - { - "name" : "36136", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36136" - }, - { - "name" : "1018373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018373" - }, - { - "name" : "26034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26034" - }, - { - "name" : "quicktime-moviefile-code-execution(35353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26034" + }, + { + "name": "1018373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018373" + }, + { + "name": "VU#582681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582681" + }, + { + "name": "TA07-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" + }, + { + "name": "quicktime-moviefile-code-execution(35353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35353" + }, + { + "name": "ADV-2007-2510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2510" + }, + { + "name": "24873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24873" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305947", + "refsource": "CONFIRM", + "url": 
"http://docs.info.apple.com/article.html?artnum=305947" + }, + { + "name": "36136", + "refsource": "OSVDB", + "url": "http://osvdb.org/36136" + }, + { + "name": "APPLE-SA-2007-07-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2421.json b/2007/2xxx/CVE-2007-2421.json index 8edd708279e..f53f658f784 100644 --- a/2007/2xxx/CVE-2007-2421.json +++ b/2007/2xxx/CVE-2007-2421.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html" - }, - { - "name" : "23690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23690" - }, - { - "name" : "ADV-2007-1562", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1562" - }, - { - "name" : "35437", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35437" - }, - { - "name" : "25020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25020" - }, - { - "name" : "hitachi-groupmax-unspecified-bo(33953)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1562", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1562" + }, + { + "name": "35437", + "refsource": "OSVDB", + "url": "http://osvdb.org/35437" + }, + { + "name": "23690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23690" + }, + { + "name": "hitachi-groupmax-unspecified-bo(33953)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33953" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html" + }, + { + "name": "25020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25020" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2999.json b/2007/2xxx/CVE-2007-2999.json index 8959c3f211b..cf7cb1d3f43 100644 --- a/2007/2xxx/CVE-2007-2999.json +++ b/2007/2xxx/CVE-2007-2999.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/", - "refsource" : "MISC", - "url" : "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/" - }, - { - "name" : "24248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24248" - }, - { - "name" : "36138", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36138" - }, - { - "name" : "25457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25457" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/", + "refsource": "MISC", + "url": "http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/" + }, + { + "name": "25457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25457" + }, + { + "name": "24248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24248" + }, + { + "name": "36138", + "refsource": "OSVDB", + "url": "http://osvdb.org/36138" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6471.json b/2007/6xxx/CVE-2007-6471.json index e3c7b482796..1decd5941ef 100644 --- a/2007/6xxx/CVE-2007-6471.json +++ b/2007/6xxx/CVE-2007-6471.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\\ (dot dot backslash) in the config parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071214 Phpay - Local File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485149/100/0/threaded" - }, - { - "name" : "26881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26881" - }, - { - "name" : "ADV-2007-4231", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4231" - }, - { - "name" : "28111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28111" - }, - { - "name" : "3466", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3466" - }, - { - "name" : "phpay-main-file-include(39063)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/39063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\\ (dot dot backslash) in the config parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4231", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4231" + }, + { + "name": "20071214 Phpay - Local File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485149/100/0/threaded" + }, + { + "name": "26881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26881" + }, + { + "name": "phpay-main-file-include(39063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39063" + }, + { + "name": "28111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28111" + }, + { + "name": "3466", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3466" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6707.json b/2007/6xxx/CVE-2007-6707.json index 8fb228c9258..e3475abc291 100644 --- a/2007/6xxx/CVE-2007-6707.json +++ b/2007/6xxx/CVE-2007-6707.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "43539", - "refsource" : "OSVDB", - 
"url" : "http://osvdb.org/43539" - }, - { - "name" : "linksys-wag54gs-setup-xss(41270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "linksys-wag54gs-setup-xss(41270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/" + }, + { + "name": "43539", + "refsource": "OSVDB", + "url": "http://osvdb.org/43539" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0177.json b/2010/0xxx/CVE-2010-0177.json index e66fb94eda6..f16f52124c3 100644 --- a/2010/0xxx/CVE-2010-0177.json +++ b/2010/0xxx/CVE-2010-0177.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a \"dangling pointer vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100402 ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510540/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-049", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-049" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-19.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.mozilla.org/security/announce/2010/mfsa2010-19.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538310", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=538310" - }, - { - "name" : "DSA-2027", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2027" - }, - { - "name" : "MDVSA-2010:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" - }, - { - "name" : "RHSA-2010:0332", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0332.html" - }, - { - "name" : "RHSA-2010:0333", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0333.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-921-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-921-1" - }, - { - "name" : "oval:org.mitre.oval:def:10833", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833" - }, - { - "name" : "oval:org.mitre.oval:def:7622", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622" - }, - { - "name" : "1023776", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023776" - }, - { - "name" : "38566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38566" - }, - { - "name" : "39117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39117" - }, - { - "name" : "39136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39136" - }, - { - "name" : "39240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39240" - }, - { - "name" : "39243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39243" 
- }, - { - "name" : "39308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39308" - }, - { - "name" : "39397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39397" - }, - { - "name" : "ADV-2010-0748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0748" - }, - { - "name" : "ADV-2010-0764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0764" - }, - { - "name" : "ADV-2010-0765", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0765" - }, - { - "name" : "ADV-2010-0781", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0781" - }, - { - "name" : "ADV-2010-0849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0849" - }, - { - "name" : "firefox-nspluginarray-code-execution(57393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a \"dangling pointer vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100402 ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510540/100/0/threaded" + }, + { + "name": "39397", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39397" + }, + { + "name": "RHSA-2010:0333", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0333.html" + }, + { + "name": "39308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39308" + }, + { + "name": "39136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39136" + }, + { + "name": "firefox-nspluginarray-code-execution(57393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57393" + }, + { + "name": "ADV-2010-0781", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0781" + }, + { + "name": "USN-921-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-921-1" + }, + { + "name": "1023776", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023776" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-19.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-19.html" + }, + { + "name": "oval:org.mitre.oval:def:7622", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "ADV-2010-0764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0764" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-049", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-049" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=538310", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=538310" + }, + { + "name": "ADV-2010-0765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0765" + }, + { + "name": 
"MDVSA-2010:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" + }, + { + "name": "38566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38566" + }, + { + "name": "oval:org.mitre.oval:def:10833", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833" + }, + { + "name": "39117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39117" + }, + { + "name": "39243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39243" + }, + { + "name": "ADV-2010-0748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0748" + }, + { + "name": "ADV-2010-0849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0849" + }, + { + "name": "DSA-2027", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2027" + }, + { + "name": "RHSA-2010:0332", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0332.html" + }, + { + "name": "39240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39240" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0664.json b/2010/0xxx/CVE-2010-0664.json index b5cbacbd37c..16666aa0ef5 100644 --- a/2010/0xxx/CVE-2010-0664.json +++ b/2010/0xxx/CVE-2010-0664.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html", - "refsource" : "MISC", - "url" : "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html" - }, - { - "name" : "http://twitter.com/akirsanov/statuses/7370288490", - "refsource" : "MISC", - "url" : "http://twitter.com/akirsanov/statuses/7370288490" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=31517", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=31517" - }, - { - "name" : 
"http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "oval:org.mitre.oval:def:14097", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=31517", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=31517" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "oval:org.mitre.oval:def:14097", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14097" + }, + { + "name": "http://twitter.com/akirsanov/statuses/7370288490", + "refsource": "MISC", + "url": "http://twitter.com/akirsanov/statuses/7370288490" + }, + { + "name": "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html", + "refsource": "MISC", + "url": "http://exchange.kg/other/chrome3_0day-denial_of_service_crash.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1174.json b/2010/1xxx/CVE-2010-1174.json index 326425a855b..163df410184 100644 --- a/2010/1xxx/CVE-2010-1174.json +++ b/2010/1xxx/CVE-2010-1174.json 
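Review bot: The `reference_data` array comes out in a different order on the new side with no visible sort key (the old side listed MISC, then CONFIRM, OVAL, SECTRACK), so this re-indentation hunk for CVE-2010-0664 is not whitespace-only. JSON arrays are ordered, and feed consumers that diff or hash records for change detection will register the references as changed although no `name`, `refsource` or `url` value differs. I would keep the original order, or emit a stable one such as sorted by `refsource` then `name`, and say so in the commit message. The new file also appears to lose its final newline (`\ No newline at end of file` follows the closing `}` on the new side only); end the file with a newline. Both points recur in the other records of this diff, for example CVE-2010-1174, CVE-2010-1242 and CVE-2010-1618.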
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11878", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11878" - }, - { - "name" : "38968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38968" - }, - { - "name" : "39116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39116" - }, - { - "name" : "cisco-tftp-dos(57165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TFTP Server 1.1 allows remote attackers to cause a denial of 
service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39116" + }, + { + "name": "11878", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11878" + }, + { + "name": "38968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38968" + }, + { + "name": "cisco-tftp-dos(57165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57165" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1242.json b/2010/1xxx/CVE-2010-1242.json index edb1ade8e7d..05a51b67d95 100644 --- a/2010/1xxx/CVE-2010-1242.json +++ b/2010/1xxx/CVE-2010-1242.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24025662", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24025662" - }, - { - "name" : "IO11274", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IO11274" - }, - { - "name" : "39186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39186" - }, - { - "name" : "ADV-2010-0733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0733" - }, - { - "name" : "ADV-2011-0834", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0834", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0834" + }, + { + "name": "39186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39186" + }, + { + "name": "ADV-2010-0733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0733" + }, + { + "name": "IO11274", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IO11274" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24025662", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025662" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1618.json b/2010/1xxx/CVE-2010-1618.json index c00b343644f..afb3e2bdd18 100644 --- a/2010/1xxx/CVE-2010-1618.json +++ b/2010/1xxx/CVE-2010-1618.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moodle.org/security/", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/security/" - }, - { - "name" : "http://www.ja-sig.org/issues/browse/PHPCAS-52", - "refsource" : "CONFIRM", - "url" : "http://www.ja-sig.org/issues/browse/PHPCAS-52" - }, - { - "name" : "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "http://moodle.org/security/", + "refsource": "CONFIRM", + "url": "http://moodle.org/security/" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "http://www.ja-sig.org/issues/browse/PHPCAS-52", + "refsource": "CONFIRM", + "url": "http://www.ja-sig.org/issues/browse/PHPCAS-52" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1639.json b/2010/1xxx/CVE-2010-1639.json index 98c46f72ce1..1dae86bad37 100644 --- a/2010/1xxx/CVE-2010-1639.json +++ b/2010/1xxx/CVE-2010-1639.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2", - "refsource" : "CONFIRM", - "url" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016" - }, - { - "name" : "FEDORA-2011-2741", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html" - }, - { - "name" : "FEDORA-2011-2743", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html" - }, - { - "name" : "MDVSA-2010:110", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:110" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "40317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40317" - }, - { - "name" : "1024017", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024017" - }, - { - "name" : "39895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39895" - }, - { - "name" : "43752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43752" - }, - { - "name" : "ADV-2010-1214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1214" - }, - { - "name" : "clamav-clipdf-dos(58824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024017" + }, + { + "name": "clamav-clipdf-dos(58824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58824" + }, + { + "name": "40317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40317" + }, + { + "name": "43752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43752" + }, + { + "name": "ADV-2010-1214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1214" + }, + { + "name": "MDVSA-2010:110", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:110" + }, + { + "name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2", + "refsource": "CONFIRM", + "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2" + }, + { + "name": "FEDORA-2011-2743", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "39895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39895" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016" + }, + { + "name": "FEDORA-2011-2741", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html" + } + ] + } +} \ No newline at end of file 
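Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this CVE-2010-1639 hunk, and it is the only value change among lines that are otherwise re-indented and reordered, so it is easy to miss in review. Tooling that keys on this field to attribute a record to its assigner will see the record move, so the change deserves its own commit, or at least a line in the commit message naming the affected IDs. The CVE-2010-1644 hunk makes the same change and CVE-2010-4027 moves to `hp-security-alert@hp.com`; the CVE-2010-4173 hunk, which runs past the visible text, starts the same way.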
diff --git a/2010/1xxx/CVE-2010-1644.json b/2010/1xxx/CVE-2010-1644.json index 97e9bc667fa..59b72584b1c 100644 --- a/2010/1xxx/CVE-2010-1644.json +++ b/2010/1xxx/CVE-2010-1644.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100521 Cacti Multiple Parameter Cross Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511393" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=5901", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=5901" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_7f.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_0_8_7f.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=609093", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=609093" - }, - { - "name" : "MDVSA-2010:160", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" - }, - { - "name" : "RHSA-2010:0635", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" - }, - { - "name" : "40332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40332" - }, - { - "name" : "41041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41041" - }, - { - "name" : "ADV-2010-1203", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1203" - }, - { - "name" : "ADV-2010-2132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1203", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1203" + }, + { + "name": "MDVSA-2010:160", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=609093", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=609093" + }, + { + "name": "41041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41041" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_7f.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_7f.php" + }, + { + "name": "RHSA-2010:0635", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html" + }, + { + "name": "20100521 Cacti Multiple Parameter Cross Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511393" + }, + { + "name": "ADV-2010-2132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2132" + }, + { + "name": "40332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40332" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=5901", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=5901" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4027.json b/2010/4xxx/CVE-2010-4027.json index 414b8b97edf..e3e7890cb87 100644 --- a/2010/4xxx/CVE-2010-4027.json +++ b/2010/4xxx/CVE-2010-4027.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-4027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMI02582", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128820226417721&w=2" - }, - { - "name" : "SSRT100269", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=128820226417721&w=2" - }, - { - "name" : "1024658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024658" - }, - { - "name" : "42023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100269", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128820226417721&w=2" + }, + { + "name": "1024658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024658" + }, + { + "name": "HPSBMI02582", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=128820226417721&w=2" + }, + { + "name": "42023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42023" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4051.json b/2010/4xxx/CVE-2010-4051.json index 881caa0280c..675c20fe5b3 100644 --- a/2010/4xxx/CVE-2010-4051.json +++ b/2010/4xxx/CVE-2010-4051.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/93" - }, - { - "name" : "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515589/100/0/threaded" - }, - { - "name" : "15935", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15935" - }, - { - "name" : "20110107 GNU 
libc/regcomp(3) Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Jan/78" - }, - { - "name" : "http://cxib.net/stuff/proftpd.gnu.c", - "refsource" : "MISC", - "url" : "http://cxib.net/stuff/proftpd.gnu.c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=645859", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=645859" - }, - { - "name" : "VU#912279", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/912279" - }, - { - "name" : "45233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45233" - }, - { - "name" : "1024832", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024832" - }, - { - "name" : "42547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42547" - }, - { - "name" : "8003", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42547" + }, + { + "name": "1024832", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024832" + }, + { + "name": "20110107 GNU 
libc/regcomp(3) Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Jan/78" + }, + { + "name": "VU#912279", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/912279" + }, + { + "name": "45233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45233" + }, + { + "name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515589/100/0/threaded" + }, + { + "name": "http://cxib.net/stuff/proftpd.gnu.c", + "refsource": "MISC", + "url": "http://cxib.net/stuff/proftpd.gnu.c" + }, + { + "name": "15935", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15935" + }, + { + "name": "8003", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8003" + }, + { + "name": "20110107 GNU libc/regcomp(3) Multiple Vulnerabilities", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/93" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=645859", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645859" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4173.json b/2010/4xxx/CVE-2010-4173.json index ec468e3da63..3bf263f51e3 100644 --- a/2010/4xxx/CVE-2010-4173.json +++ b/2010/4xxx/CVE-2010-4173.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101116 CVE Request: libsdp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/16/2" - }, - { - "name" : "[oss-security] 20101116 Re: CVE Request: libsdp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/16/7" - }, - { - "name" : "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=647941", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=647941" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101116 Re: CVE Request: libsdp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/16/7" + }, + { + "name": "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz", + "refsource": "CONFIRM", + "url": "http://www.openfabrics.org/downloads/libsdp/libsdp-1.1.105-0.4.g1b9b996.tar.gz" + }, + { + "name": "[oss-security] 20101116 CVE Request: libsdp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/16/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=647941", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=647941" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4828.json b/2010/4xxx/CVE-2010-4828.json index 4066ec04a81..c9a5f90d2b5 100644 --- a/2010/4xxx/CVE-2010-4828.json +++ b/2010/4xxx/CVE-2010-4828.json 
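Review bot: The only semantic change in the CVE-2010-4173 hunk is `"ASSIGNER": "secalert@redhat.com",` (previously `cve@mitre.org`), and it sits inside a whole-file re-indentation and reference reordering where it is easy to miss. ASSIGNER attributes the record to a CNA, so any consumer that filters or trusts records by assigner sees a real change here; the hunks for CVE-2014-0247, CVE-2014-0270, CVE-2014-0349 and CVE-2014-0448 change the same field alongside the same reformatting. Landing the whitespace normalisation separately from the field updates would make the attribution change reviewable on its own. The new side also ends with `\ No newline at end of file`, so a final newline after the closing `}` would keep later diffs of these files clean.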
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101207 Multiple XSS in Solarwinds Orion NPM 10.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515083/100/0/threaded" - }, - { - "name" : "45257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45257" - }, - { - "name" : "42486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42486" - }, - { - "name" : "8349", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8349" - }, - { - "name" : "orion-network-multiple-xss(63956)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/63956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42486" + }, + { + "name": "8349", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8349" + }, + { + "name": "20101207 Multiple XSS in Solarwinds Orion NPM 10.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515083/100/0/threaded" + }, + { + "name": "orion-network-multiple-xss(63956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63956" + }, + { + "name": "45257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45257" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5124.json b/2010/5xxx/CVE-2010-5124.json index 1634ba794c3..4319425a127 100644 --- a/2010/5xxx/CVE-2010-5124.json +++ b/2010/5xxx/CVE-2010-5124.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5124", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5124", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0247.json b/2014/0xxx/CVE-2014-0247.json index 99335de8aef..8b7546e1d0c 100644 --- a/2014/0xxx/CVE-2014-0247.json +++ b/2014/0xxx/CVE-2014-0247.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html", - "refsource" : "MISC", - "url" : "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html" - }, - { - "name" : "https://bugs.mageia.org/show_bug.cgi?id=13580", - "refsource" : "MISC", - "url" : "https://bugs.mageia.org/show_bug.cgi?id=13580" - }, - { - "name" : "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81", - "refsource" : "MISC", - "url" : 
"https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81" - }, - { - "name" : "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/", - "refsource" : "CONFIRM", - "url" : "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/" - }, - { - "name" : "FEDORA-2014-7679", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html" - }, - { - "name" : "GLSA-201408-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" - }, - { - "name" : "RHSA-2015:0377", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0377.html" - }, - { - "name" : "openSUSE-SU-2014:0860", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html" - }, - { - "name" : "USN-2253-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2253-1" - }, - { - "name" : "68151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68151" - }, - { - "name" : "59330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59330" - }, - { - "name" : "57383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57383" - }, - { - "name" : "60799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60799" + }, + { + "name": "GLSA-201408-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" + }, + { + "name": "FEDORA-2014-7679", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html" + }, + { + "name": "USN-2253-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2253-1" + }, + { + "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html", + "refsource": "MISC", + "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html" + }, + { + "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/", + "refsource": "CONFIRM", + "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/" + }, + { + "name": "68151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68151" + }, + { + "name": "57383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57383" + }, + { + "name": "openSUSE-SU-2014:0860", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html" + }, + { + "name": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81", + "refsource": "MISC", + "url": 
"https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81" + }, + { + "name": "RHSA-2015:0377", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html" + }, + { + "name": "59330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59330" + }, + { + "name": "https://bugs.mageia.org/show_bug.cgi?id=13580", + "refsource": "MISC", + "url": "https://bugs.mageia.org/show_bug.cgi?id=13580" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0270.json b/2014/0xxx/CVE-2014-0270.json index 49cdee2ef49..dc30fa0fd2e 100644 --- a/2014/0xxx/CVE-2014-0270.json +++ b/2014/0xxx/CVE-2014-0270.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" - }, - { - "name" : "65367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65367" - }, - { - "name" : "103170", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103170" - }, - { - "name" : "1029741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029741" - }, - { - "name" : "56796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56796" - }, - { - "name" : "ms-ie-cve20140270-code-exec(90761)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" + }, + { + "name": "1029741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029741" + }, + { + "name": "103170", + "refsource": "OSVDB", + "url": "http://osvdb.org/103170" + }, + { + "name": "56796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56796" + }, + { + "name": "ms-ie-cve20140270-code-exec(90761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90761" + }, + { + "name": "65367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65367" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0349.json b/2014/0xxx/CVE-2014-0349.json index af66c32604b..f229e35ec8b 100644 --- a/2014/0xxx/CVE-2014-0349.json +++ b/2014/0xxx/CVE-2014-0349.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#345337", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/345337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#345337", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/345337" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/0xxx/CVE-2014-0448.json b/2014/0xxx/CVE-2014-0448.json index ce9de46d600..133b53790b4 100644 --- a/2014/0xxx/CVE-2014-0448.json +++ b/2014/0xxx/CVE-2014-0448.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - 
"name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "66904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" + }, + { + "name": "66904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66904" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1467.json b/2014/1xxx/CVE-2014-1467.json index f01b66aa00c..e04e047baf2 100644 --- a/2014/1xxx/CVE-2014-1467.json +++ b/2014/1xxx/CVE-2014-1467.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackberry.com/btsc/KB35647", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/KB35647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blackberry.com/btsc/KB35647", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/KB35647" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1821.json b/2014/1xxx/CVE-2014-1821.json index d5456dd5c57..fd352769d1d 100644 --- a/2014/1xxx/CVE-2014-1821.json +++ b/2014/1xxx/CVE-2014-1821.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1821", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1821", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1832.json b/2014/1xxx/CVE-2014-1832.json index 9f17cd280d6..361bf631b93 100644 --- a/2014/1xxx/CVE-2014-1832.json +++ b/2014/1xxx/CVE-2014-1832.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/29/6" - }, - { - "name" : "[oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/30/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1058992", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1058992" - }, - { - "name" : "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0", - "refsource" : "CONFIRM", - "url" : "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0" - }, - { - "name" : "FEDORA-2015-1151", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/29/6" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958" + }, + { + "name": "[oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/30/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992" + }, + { + "name": "FEDORA-2015-1151", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html" + }, + { + "name": 
"https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0", + "refsource": "CONFIRM", + "url": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4243.json b/2014/4xxx/CVE-2014-4243.json index e4eddd19697..270b509581a 100644 --- a/2014/4xxx/CVE-2014-4243.json +++ b/2014/4xxx/CVE-2014-4243.json 
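Review bot: The second oss-security reference in the CVE-2014-1832 hunk keeps a name dated `20150130` while its URL path is `2014/01/30/3`, and the sibling entry pairs `20140129` with `2014/01/29/6`, so the year in the name looks like a typo carried over from the old side. If the post date is confirmed against the list archive, the line would read `"name": "[oss-security] 20140130 Re: CVE request: temporary file issue in Passenger rubygem",`. Tools that sort or deduplicate references by the date embedded in `name` would otherwise place this entry a year late.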
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "SUSE-SU-2014:1072", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html" - }, - { - "name" : "68611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68611" - }, - { - "name" : "1030578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030578" - }, - { - "name" : "60425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60425" - }, - { - "name" : "oracle-cpujul2014-cve20144243(94628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68611" + }, + { + "name": "oracle-cpujul2014-cve20144243(94628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94628" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "1030578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030578" + }, + { + "name": "SUSE-SU-2014:1072", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "60425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60425" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4286.json b/2014/4xxx/CVE-2014-4286.json index 14a585ffb5f..96f9f54dcc4 100644 --- a/2014/4xxx/CVE-2014-4286.json 
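Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk, but the change is buried in a whitespace rewrite of every line and a reordering of `reference_data`. That makes it easy to miss the one field that changes who the record is attributed to. The same pattern appears in the hunks for CVE-2014-4499 (`product-security@apple.com`), CVE-2016-3467 (`secalert_us@oracle.com`), CVE-2016-3846 (`security@android.com`) and CVE-2016-7515 (`security@debian.org`). Anything downstream that routes or trusts records by assigner would see this as a silent change. I would put the attribution update in its own commit, or at least name it in the commit message (not visible here), separate from the `"key" : value` to `"key": value` normalisation.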
+++ b/2014/4xxx/CVE-2014-4286.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4286",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4286. Reason: This candidate is a duplicate of CVE-2013-4286. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-4286",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4286. Reason: This candidate is a duplicate of CVE-2013-4286. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4499.json b/2014/4xxx/CVE-2014-4499.json
index 25841af7f77..ae1fb437fe8 100644
--- a/2014/4xxx/CVE-2014-4499.json
+++ b/2014/4xxx/CVE-2014-4499.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain 
sensitive information by reading a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9020.json b/2014/9xxx/CVE-2014-9020.json index 1e637995c6d..68484cf056b 100644 --- a/2014/9xxx/CVE-2014-9020.json +++ b/2014/9xxx/CVE-2014-9020.json 
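Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description in the same record names Apple OS X before 10.10.2 and the assigner is now Apple's own address. Tooling that matches an asset inventory against the structured fields rather than the free-text description will not match this record. Since every line of the record is being rewritten anyway, the structured fields could be filled from the description, for example `"vendor_name": "Apple"`, `"product_name": "OS X"`, `"version_value": "before 10.10.2"`, with the exact version encoding to be confirmed against the schema. The same placeholder values appear in the other PUBLIC records in this part of the diff.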
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141106 ZTE 831CII Multiple Vulnerablities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533930/100/0/threaded" - }, - { - "name" : "20141106 ZTE ZXDSL 831 Multiple Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533931/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html" - }, - { - "name" : 
"http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html" - }, - { - "name" : "70984", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70984" - }, - { - "name" : "70985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70985" - }, - { - "name" : "zte831cii-psilan-xss(98584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141106 ZTE 831CII Multiple Vulnerablities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533930/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html" + }, + { + "name": "70984", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70984" + }, + { + "name": "http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html" + }, + { + "name": "70985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70985" + }, + { + "name": "zte831cii-psilan-xss(98584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98584" + }, + { + "name": "20141106 ZTE ZXDSL 831 Multiple Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533931/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9154.json b/2014/9xxx/CVE-2014-9154.json index e4187e90de2..5527bf7ddf4 100644 --- a/2014/9xxx/CVE-2014-9154.json +++ b/2014/9xxx/CVE-2014-9154.json 
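Review bot: The `reference_data` array is reordered on the new side with no ordering key I can see. The two BUGTRAQ entries, adjacent before, are now first and last, while the set itself is unchanged (seven references before, seven after). A reviewer therefore has to match entries by hand to confirm that no advisory link was dropped or altered. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep later syncs to the lines that really change. Separately, the new file ends with `\ No newline at end of file`, as do the other files in this diff, and a trailing newline would avoid that marker in later patches.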
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2320741", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2320741" - }, - { - "name" : "https://www.drupal.org/node/2320693", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2320693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification 
email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2320741", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2320741" + }, + { + "name": "https://www.drupal.org/node/2320693", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2320693" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9938.json b/2014/9xxx/CVE-2014-9938.json index b950de9d97e..9f74ca256c9 100644 --- a/2014/9xxx/CVE-2014-9938.json +++ b/2014/9xxx/CVE-2014-9938.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/njhartwell/pw3nage", - "refsource" : "MISC", - "url" : "https://github.com/njhartwell/pw3nage" - }, - { - "name" : "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f", - "refsource" : "CONFIRM", - "url" : "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f" - }, - { - "name" : "RHSA-2017:2004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to 
cause code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/njhartwell/pw3nage", + "refsource": "MISC", + "url": "https://github.com/njhartwell/pw3nage" + }, + { + "name": "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f", + "refsource": "CONFIRM", + "url": "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f" + }, + { + "name": "RHSA-2017:2004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2004" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3467.json b/2016/3xxx/CVE-2016-3467.json index 1fda73a0d50..8b217cd88df 100644 --- a/2016/3xxx/CVE-2016-3467.json +++ b/2016/3xxx/CVE-2016-3467.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91894" - }, - { - "name" : "1036363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Application Express component 
in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "1036363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036363" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91894" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3846.json b/2016/3xxx/CVE-2016-3846.json index 5ba7ab1ec65..db1e2c5fcba 100644 --- a/2016/3xxx/CVE-2016-3846.json +++ b/2016/3xxx/CVE-2016-3846.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-3846",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "ID": "CVE-2016-3846",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://source.android.com/security/bulletin/2016-08-01.html",
- "refsource" : "CONFIRM",
- "url" : "http://source.android.com/security/bulletin/2016-08-01.html"
- },
- {
- "name" : "92240",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/92240"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://source.android.com/security/bulletin/2016-08-01.html",
+ "refsource": "CONFIRM",
+ "url": "http://source.android.com/security/bulletin/2016-08-01.html"
+ },
+ {
+ "name": "92240",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/92240"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/7xxx/CVE-2016-7245.json b/2016/7xxx/CVE-2016-7245.json
index 37d8cd40bc6..1c7ecb162d7 100644
--- a/2016/7xxx/CVE-2016-7245.json
+++ b/2016/7xxx/CVE-2016-7245.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-133", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" - }, - { - "name" : "94026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94026" - }, - { - "name" : "1037246", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted 
Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-133", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133" + }, + { + "name": "94026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94026" + }, + { + "name": "1037246", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037246" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7285.json b/2016/7xxx/CVE-2016-7285.json index 0d5994557dd..3ad96d9d482 100644 --- a/2016/7xxx/CVE-2016-7285.json +++ b/2016/7xxx/CVE-2016-7285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7285", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7285", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7515.json b/2016/7xxx/CVE-2016-7515.json index a823f9111bb..5f9effbce81 100644 --- a/2016/7xxx/CVE-2016-7515.json +++ b/2016/7xxx/CVE-2016-7515.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378741", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378741" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/82", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/82" - }, - { - "name" : "93120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378741", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378741" + }, + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "93120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93120" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/82", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/82" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1" + } + ] + } +} \ No newline at end 
of file diff --git a/2016/7xxx/CVE-2016-7995.json b/2016/7xxx/CVE-2016-7995.json index f6454c194c4..304d8b6d449 100644 --- a/2016/7xxx/CVE-2016-7995.json +++ b/2016/7xxx/CVE-2016-7995.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/07/3" - }, - { - "name" : "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/4" - }, - { - "name" : "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html" - }, - { - "name" : 
"http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a" - }, - { - "name" : "openSUSE-SU-2016:3237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" - }, - { - "name" : "93454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html" + }, + { + "name": "openSUSE-SU-2016:3237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b16c129daf0fed91febbb88de23dae8271c8898a" + }, + { + "name": "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/07/3" + }, + { + "name": "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2016/10/08/4" + }, + { + "name": "93454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93454" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8232.json b/2016/8xxx/CVE-2016-8232.json index ddcf6949ebc..18a273e1fba 100644 --- a/2016/8xxx/CVE-2016-8232.json +++ b/2016/8xxx/CVE-2016-8232.json 
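Review bot: The `ASSIGNER` value for CVE-2016-7995 changes from `cve@mitre.org` to `secalert@redhat.com` in `CVE_data_meta`, and as far as the visible lines show it is the only value change in this hunk. The remaining lines differ only in the spacing before the colon and in the order of the `reference_data` entries. Because the assigner field tells consumers which CNA owns the record, the change should be confirmed as intended and named in the commit message rather than carried inside a formatting pass. The new side also ends with `\ No newline at end of file` where the old side did not; restoring the trailing newline would keep the records friendly to line-based tools, and the same applies to the other files in this diff.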
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2016-8232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z", - "version" : { - "version_data" : [ - { - "version_value" : "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOM-Based XSS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2016-8232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z", + "version": { + "version_data": [ + { + "version_value": "Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 Earlier than 66Z" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-5700", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-5700" - }, - { - "name" : "95839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95839" - }, - { - "name" : "lenovo-cve20168232-xss(121443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOM-Based XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-5700", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-5700" + }, + { + "name": "lenovo-cve20168232-xss(121443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121443" + }, + { + "name": "95839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95839" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8371.json b/2016/8xxx/CVE-2016-8371.json index 5358f096520..3cf99cdc9e6 100644 --- a/2016/8xxx/CVE-2016-8371.json +++ b/2016/8xxx/CVE-2016-8371.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2016-11-08T00:00:00", - "ID" : "CVE-2016-8371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Phoenix Contact ILC PLCs", - "version" : { - "version_data" : [ - { - "version_value" : "All ILC 1xx PLCs" - } - ] - } - } - ] - }, - "vendor_name" : "Phoenix Contact" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-592: Authentication Bypass Issues" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2016-11-08T00:00:00", + "ID": "CVE-2016-8371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Phoenix Contact ILC PLCs", + "version": { + "version_data": [ + { + "version_value": "All ILC 1xx PLCs" + } + ] + } + } + ] + }, + "vendor_name": "Phoenix Contact" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45590", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45590/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-313-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-313-01" - }, - { - "name" : "94163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server in Phoenix Contact ILC PLCs can 
be accessed without authenticating even if the authentication mechanism is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-592: Authentication Bypass Issues" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-313-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-313-01" + }, + { + "name": "45590", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45590/" + }, + { + "name": "94163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94163" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8508.json b/2016/8xxx/CVE-2016-8508.json index bada1d8d887..b9266cf4768 100644 --- a/2016/8xxx/CVE-2016-8508.json +++ b/2016/8xxx/CVE-2016-8508.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "browser-security@yandex-team.ru", - "ID" : "CVE-2016-8508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yandex Browser for desktop", - "version" : { - "version_data" : [ - { - "version_value" : "before 17.1.1.227 for OSx and Windows" - } - ] - } - } - ] - }, - "vendor_name" : "Yandex N.V." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Yandex Browser Protect mechanism bypass" - } + "CVE_data_meta": { + "ASSIGNER": "browser-security@yandex-team.ru", + "ID": "CVE-2016-8508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yandex Browser for desktop", + "version": { + "version_data": [ + { + "version_value": "before 17.1.1.227 for OSx and Windows" + } + ] + } + } + ] + }, + "vendor_name": "Yandex N.V." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1", - "refsource" : "CONFIRM", - "url" : "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1" - }, - { - "name" : "96514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Yandex Browser Protect mechanism bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96514" + }, + { + "name": "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1", + "refsource": "CONFIRM", + "url": "https://yandex.com/blog/security-changelogs/fixed-in-version-17-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8852.json b/2016/8xxx/CVE-2016-8852.json index 4eb411ff363..5abc2d07c47 100644 --- a/2016/8xxx/CVE-2016-8852.json +++ b/2016/8xxx/CVE-2016-8852.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8852", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8852", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9191.json b/2016/9xxx/CVE-2016-9191.json index 5079190c0a8..e508b0dd93c 100644 --- a/2016/9xxx/CVE-2016-9191.json +++ b/2016/9xxx/CVE-2016-9191.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/05/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1392439", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1392439" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939" - }, - { - "name" : "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us" - }, - { - "name" : "DSA-3791", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3791" - }, - { - "name" : "94129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/05/4" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03802en_us" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439" + }, + { + "name": "94129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94129" + }, + { + "name": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939" + }, + { + "name": "DSA-3791", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3791" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9307.json b/2016/9xxx/CVE-2016-9307.json index 76173ba0165..3e320e5ef18 100644 --- a/2016/9xxx/CVE-2016-9307.json +++ b/2016/9xxx/CVE-2016-9307.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", - "refsource" : "CONFIRM", - "url" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01" - }, - { - "name" : "95802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95802" + }, + { + "name": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", + "refsource": "CONFIRM", + "url": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9483.json b/2016/9xxx/CVE-2016-9483.json index e0a78e36182..70f475bcafd 100644 --- a/2016/9xxx/CVE-2016-9483.json +++ b/2016/9xxx/CVE-2016-9483.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-9483", - "STATE" : "PUBLIC", - "TITLE" : "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Generator", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2016-12-06", - "version_value" : "2016-12-06" - } - ] - } - } - ] - }, - "vendor_name" : "PHP FormMail" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Pouya Darabi for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9483", + "STATE": "PUBLIC", + "TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Generator", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2016-12-06", + "version_value": "2016-12-06" + } + ] + } + } + ] + }, + "vendor_name": "PHP FormMail" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#494015", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/494015" - }, - { - "name" : "94778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94778" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches." - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Pouya Darabi for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#494015", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/494015" + }, + { + "name": "94778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94778" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches." + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9520.json b/2016/9xxx/CVE-2016-9520.json index f427a789fc2..cc7550b4507 100644 --- a/2016/9xxx/CVE-2016-9520.json +++ b/2016/9xxx/CVE-2016-9520.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9520", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9520", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/9xxx/CVE-2016-9885.json b/2016/9xxx/CVE-2016-9885.json index 75082d39873..c6aed78e137 100644 --- a/2016/9xxx/CVE-2016-9885.json +++ b/2016/9xxx/CVE-2016-9885.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-9885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1", - "version" : { - "version_data" : [ - { - "version_value" : "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "gfsh exposed over go router for GemFire for PCF" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-9885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1", + "version": { + "version_data": [ + { + "version_value": "GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2016-9885", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2016-9885" - }, - { - "name" : "95270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "gfsh exposed over go router for GemFire for PCF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95270" + }, + { + "name": "https://pivotal.io/security/cve-2016-9885", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2016-9885" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2424.json b/2019/2xxx/CVE-2019-2424.json index a0e9937bdbe..4638936e5fa 100644 --- a/2019/2xxx/CVE-2019-2424.json +++ b/2019/2xxx/CVE-2019-2424.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2424", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2424", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2643.json b/2019/2xxx/CVE-2019-2643.json index 9c1c35f17b7..9b845e72324 100644 --- a/2019/2xxx/CVE-2019-2643.json +++ b/2019/2xxx/CVE-2019-2643.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2643",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2643",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2984.json b/2019/2xxx/CVE-2019-2984.json
index b7803e8c8f0..367c5e3d1d1 100644
--- a/2019/2xxx/CVE-2019-2984.json
+++ b/2019/2xxx/CVE-2019-2984.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2984",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2984",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file